Authentication for Open API generator - openapi

I apologize if this has been answered already, but I can't find a clear answer.
Does the current generator support authentication?
I need to generate a client with 2 potential ways of authentication:
- Via API key, which means a required api_token parameter.
- Via an OAuth 2 authentication code flow.
If it does, how do I use it?
If it doesn't, what do you think is the best way to add authentication after generating the client?

Given that the OpenAPI Generator can interact with any server that exposes an OpenAPI document, it would follow that one first needs an OpenAPI document that utilizes the security scheme term for authentication and authorization. OpenAPI 3.0 (and 2.0) lets you describe the two desired auth approaches.
Once an OpenAPI document in .yaml or .json format has been created, I believe the Getting Started instructions describe the commands necessary to generate server stubs for authentication, based on the OpenAPI document that you have created for your auth flow.
For example, if your OpenAPI document would happen to be the Swagger Petstore example, you would "generate" thusly:
npx openapi-generator generate -i petstore.yaml -g ruby -o /tmp/test/

Related

Tensorflow Serving authentication

I'm using TensorFlow Serving version 2.2 on Docker with the client REST on Google Cloud Run, and I would like to create some authentication method to improve the security.
How can I implement TF Serving with authentication? I haven't found any references.
Cloud Run currently doesn't have easy built-in support for end-user authentication. You can use something like Firebase Auth with Cloud Run to authenticate interactive (browser) users.
However, it seems you have a REST API (headless requests). If you want to build authentication/authorization, you pretty much have to build something like OAuth (also explained in the same link above).
If you are trying to just authenticate yourself, you can implement HTTP Basic Authentication (username:password, passed in a header).
You can add authentication via a Linux firewall...

Generating an API Client with Swagger OpenAPI 3 with OAuth2 Client Credentials

I am using the Swagger OpenAPI 3.0.2 version for describing my API.
I built the swagger-codegen 3.0.5 snapshot from the Swagger GitHub repo.
I want a Java client that will obtain the OAUTH2 token for a grant type of client_credentials. I want client credentials because this is one machine talking to another, I am not asking a user for their credentials. I have the following bit in my spec file:
securitySchemes:
  oAuth2ClientCredentials:
    type: oauth2
    description: Standard OAUTH2
    flows:
      clientCredentials:
        tokenUrl: my_token_url
        scopes: {}
security:
  - oAuth2ClientCredentials: []
I want a Basic Authentication header with the client ID and the client secret in the standard base64 encoding with the grant_type as a URL encoded form. This is pretty standard OAuth2 authentication.
I seem to sometimes get code for the OAuth authentication and sometimes not. The Python library has nothing for OAuth other than me providing the access token by hand. The Java library doesn't have it unless I ask for retrofit as the base library, but it generates a Bearer Authentication header, rather than a Basic Authentication header. Retrofit2 doesn't even work; the handlebars template has an illegal character in it that handlebars barfs on.
So what do people do to get their access tokens when they have a client ID and a client secret? Do you craft the code to get the access token by yourself? Or is there some magic way of getting swagger-codegen-cli to generate the code for me, depending on the libraries that I use?
If anyone has managed to get swagger-codegen-cli to generate everything they need for OAuth 2 client credentials with an OpenAPI 3.0 specification, please let me know.

Accessing Kerberos-enabled REST service using Karate

I am trying to set up the Karate test framework for our new project. We will be enabling Kerberos authentication for our REST microservices. Can you please tell me if Karate supports Kerberos authentication?
Most projects are able to call a normal HTTP end-point and get a token from it which will be used as an auth header. So look for the OAuth and header authentication demos in the documentation.
Otherwise, take a look at this approach: https://stackoverflow.com/a/51150286/143475 - so it is possible for you with a little extra work to call into some .NET code for e.g. which you can design to give you the headers / tokens you need.

Example Amazon S3 Get Bucket Request using Access Key and Secret

I am struggling to understand the documentation on how to make a request to Amazon S3 API's to retrieve a list of Objects.
The documentation doesn't show how to authorise the request using just the access key and secret. Can someone post an example? Preferably something I can use in Postman to test with.
AWS supports two signature versions: Signature Version 4 and Signature Version 2.
You should use Signature Version 4. All AWS services support Signature Version 4, except Amazon SimpleDB which requires Signature Version 2.
All AWS regions support Signature Version 4.
Here is a great article by ŁUKASZ ADAMCZAK explaining how to generate and sign the S3 request using openssl and curl:
Amazon S3 REST API with curl
The real challenge will be to do the sigv4 signing. I truly urge you to use one of the established SDKs (what language are you using?). If not, wrap a call to the AWS CLI.
If you really want to implement it yourself then I urge you to open source your efforts so others can benefit.
I would start by setting up the bucket with no auth (so anyone can read from it) and determine how to make a request to S3 first. You can see some raw HTTP Request examples here: https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectGET.html#RESTObjectGET-responses-examples
Then you'll be on to the fun part, sigv4 signing the request. This is a well documented process but still a good amount of effort. https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html
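The Signature Version 4 steps referred to in the answers above, worked through for a body-less list-objects GET. This is an added example, not code from the answers or the linked article; the key ID, secret, bucket, timestamp and function names are constructed placeholders, and the virtual-hosted endpoint name is an assumption.

```python
import hashlib
import hmac
from urllib.parse import quote

# SHA-256 of an empty body; sent and signed as x-amz-content-sha256.
EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()
SIGNED_HEADERS = "host;x-amz-content-sha256;x-amz-date"


def canonical_request(host, query, amz_date, method="GET", path="/"):
    """Canonical form of a body-less request: sorted, URI-encoded query and headers."""
    enc = lambda s: quote(s, safe="-_.~")
    qs = "&".join(f"{enc(k)}={enc(v)}" for k, v in sorted(query.items()))
    headers = (f"host:{host}\n"
               f"x-amz-content-sha256:{EMPTY_SHA256}\n"
               f"x-amz-date:{amz_date}\n")
    return "\n".join([method, path, qs, headers, SIGNED_HEADERS, EMPTY_SHA256])


def signing_key(secret_key, date, region, service="s3"):
    """Derive the per-day, per-region, per-service key from the secret key."""
    key = ("AWS4" + secret_key).encode("utf-8")
    for part in (date, region, service, "aws4_request"):
        key = hmac.new(key, part.encode("utf-8"), hashlib.sha256).digest()
    return key


def sign_list_objects(access_key, secret_key, host, region, amz_date, query):
    """Return the headers to send with a SigV4-signed GET / (list objects)."""
    date = amz_date[:8]
    scope = f"{date}/{region}/s3/aws4_request"
    creq = canonical_request(host, query, amz_date)
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(creq.encode("utf-8")).hexdigest()])
    sig = hmac.new(signing_key(secret_key, date, region),
                   to_sign.encode("utf-8"), hashlib.sha256).hexdigest()
    return {
        "Host": host,
        "x-amz-date": amz_date,
        "x-amz-content-sha256": EMPTY_SHA256,
        "Authorization": (f"AWS4-HMAC-SHA256 Credential={access_key}/{scope},"
                          f"SignedHeaders={SIGNED_HEADERS},Signature={sig}"),
    }


# Constructed placeholder values, not real credentials.
EXAMPLE = sign_list_objects("AKIDEXAMPLE", "constructed-secret-key",
                            "examplebucket.s3.amazonaws.com", "us-east-1",
                            "20130524T000000Z", {"prefix": "J", "max-keys": "2"})
```

For a live request, amz_date is the current UTC time in the same YYYYMMDDTHHMMSSZ form, and the returned headers are sent unchanged with the GET.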

Couchbase REST Authorization

I am looking to access a local instance of Couchbase Server through its REST API. The HTTP GET requests are sent from Java.
The problem I am currently running into has to do with authorization.
Specifically, I have managed to use Couchbase's Basic Authorization, but only by obtaining the hashed credentials (bG9jYWw6dHdlZXRzOnBBc3Mx in the example linked to above) by monitoring a Couchbase browser session using Chrome's developer tools and inspecting the request headers.
Now, another Couchbase article mentions that Couchbase uses SHA-1 in compliance with SCRAM. However, no mention is made of how to obtain the 'salt' and 'iterations' parameters from Couchbase, which I assume I need to go from the credentials to the challenge solution (i.e. hashed string).
So, the question is as follows: how to get from the credentials (user="local:tweets", pass="pAss1") (from the example of the first link) to bG9jYWw6dHdlZXRzOnBBc3Mx?
Thanks in advance,
Thomas
SCRAM SHA-1 support is only for the Data (K/V) service and only through certain Couchbase SDKs which use the memcached binary protocol. The Java SDK does have support for SCRAM SHA-1.
The REST interface you appear to be using is N1QL's API. That does not support SCRAM SHA auth.
If you're looking to give some other application HTTP access, my recommendation would be to write a small Java app with Spring Boot or the like and use the Java SDK from there. Then you have complete control over how auth is done at the REST interface. A colleague wrote one of these just the other day. Note that even in this case, the Java SDK won't be using SCRAM when running N1QL queries, but you can use that as a point of control.
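An added example, not part of the posts above: an HTTP Basic credential is the Base64 encoding of user:password (RFC 7617), which reproduces the string from the Couchbase question and is also the client authentication for the client_credentials token request asked about in the swagger-codegen question. The function names, token URL and client values are hypothetical.

```python
import base64
from urllib.parse import quote_plus, urlencode
from urllib.request import Request


def basic_value(user, password):
    """Base64 of 'user:password' (RFC 7617). Reversible encoding, no salt, no hash."""
    return base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def parse_basic(value):
    """Decode a Basic credential as a receiver does: split at the FIRST colon."""
    raw = base64.b64decode(value, validate=True).decode("utf-8")
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("no ':' separator in Basic credential")
    return user, password


def client_credentials_request(token_url, client_id, client_secret, scope=""):
    """Build (without sending) an RFC 6749 section 4.4 token request."""
    form = {"grant_type": "client_credentials"}
    if scope:
        form["scope"] = scope
    # RFC 6749 section 2.3.1: form-urlencode id and secret before Base64,
    # so a ':' inside either value cannot be mistaken for the separator.
    cred = basic_value(quote_plus(client_id), quote_plus(client_secret))
    return Request(
        token_url,
        data=urlencode(form).encode("ascii"),
        headers={
            "Authorization": f"Basic {cred}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        method="POST",
    )


# Values quoted in the Couchbase question above.
COUCHBASE_HEADER = basic_value("local:tweets", "pAss1")
# A first-colon parser reads the same bytes as user "local", password "tweets:pAss1".
COUCHBASE_PARSED = parse_basic(COUCHBASE_HEADER)
```

Because the value decodes back to the password, a Basic header belongs only on TLS-protected connections and should be kept out of logs.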