Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable the authorize button from swagger-ui in the shopping example with tutorial #3740

Closed
4 of 5 tasks
jannyHou opened this issue Sep 13, 2019 · 1 comment
Closed
4 of 5 tasks

Enable the authorize button from swagger-ui in the shopping example with tutorial #3740

jannyHou opened this issue Sep 13, 2019 · 1 comment
Assignees
@emonddr
Labels
Authentication feature
Milestone
Oct 2019 milestone

Comments

@jannyHou
Copy link
Contributor

jannyHou commented Sep 13, 2019
edited by emonddr
Loading

Suggestion

As a follow-up story of spike #2027
PoC loopbackio/loopback4-example-shopping#267 enabled the bearer token setting globally, which demos how to perform the authentication from explorer.

  • This story is created to formally add the UI in the example repo.
  • And also find out the scope of the endpoints that we want to secure
  • Only the /users/me will have the operation-level security requirement object setting in the OpenAPI Specification

Use Cases

Using API Explorer, after a user login and get the token, they can set the token in the "authorize" dialog so that when calling the endpoint /users/me decorated by @authenticate(), the bearer token is included in the header.

Examples

See screenshots in https://github.com/strongloop/loopback4-example-shopping/blob/6283c6b995ffcaa166babb91dd99a354bb5f3ac2/README.md#authentication

Acceptance criteria

  • Decide the scope of the endpoints that you want to secure with the bearer security schema. (The spike apply it globally, but the formal PR should decide the scope first)
  • Only the /users/me endpoint will have the operation-level security requirement object setting in the OpenAPI specification.
  • Enable the "authorize" button by adding security scheme object and security requirement object properly.
  • Update the tutorial and doc to reflect the change.
  • The tutorial should include how to set global and operation level security policy.
@jannyHou jannyHou mentioned this issue Sep 13, 2019
Closed
3 tasks
@dhmlau
Copy link
Member

dhmlau commented Sep 16, 2019

@jannyHou, are we planning to have an out-of-box support to allow token based authentication outside the shopping example?

@dhmlau dhmlau added the p1 label Sep 23, 2019
@agnes512 agnes512 mentioned this issue Sep 30, 2019
Closed
25 tasks
@emonddr emonddr self-assigned this Oct 1, 2019
@emonddr emonddr added this to the Oct 2019 milestone milestone Oct 1, 2019
This was referenced Oct 3, 2019
Merged
Merged
@emonddr emonddr closed this as completed Oct 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@emonddr emonddr

Labels
Authentication feature
Projects
None yet
Milestone
Oct 2019 milestone
Development

No branches or pull requests
3 participants
@emonddr @jannyHou @dhmlau