Support cookie based security validation? #280
Comments
@tkarls Yep. We need to get this implemented.
initial cookie auth support: b7d7afc
@tkarls please give
@tkarls this is fixed in the latest version, please re-open if you still have issues. Thank you!
@cdimascio Wow, this was quick 😁 I will test the latest version during the day!
@cdimascio Which is different from other request validations where I get an array of all errors encountered back. However, since with the auth errors it is sufficient to have ONE of them correct it might not be the best approach to return them as an array either. Since that can be interpreted as all of them need to be fulfilled. Anyway, the important thing is that the validation is working. So thanks again for your rapid fix :) !
thanks @tkarls. i'll create a ticket for the errors. will be good to have the same representation
I have an API and added both Bearer token authentication as well as support for sessions with cookies. But now the OpenAPI validator never ever complains about missing credentials if I have them both listed in the security array.
It works as expected when I only use bearer auth (getting 401 and error message if no bearer token is present). But as soon as I add the cookie based auth to the security array the validator doesn't complain about missing tokens or missing cookies for that matter.
It took me a while to pinpoint but I think the problem is that cookie auth was never implemented and then it always treats that as successful even if no cookie is present. See below.
express-openapi-validator/src/middlewares/openapi.security.ts
Line 246 in 03ba8d6
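The failure mode described in the issue above, as an added sketch that is not express-openapi-validator's own code: entries in the `security` array are alternatives, so each scheme has to be checked for a real credential and anything unresolved has to fail closed. The scheme names `BearerAuth` and `CookieAuth`, the cookie name `sid`, and the helpers `parseCookies`, `credentialPresent` and `checkSecurity` are assumptions made for illustration.

```typescript
// Added example; names below are assumptions, not the library's API.
type Scheme =
  | { type: "http"; scheme: "bearer" }
  | { type: "apiKey"; in: "header" | "query" | "cookie"; name: string };

interface Req {
  headers: Record<string, string | undefined>;
  query?: Record<string, string | undefined>;
}

// Constructed spec fragment: bearer token OR session cookie.
const schemes: Record<string, Scheme> = {
  BearerAuth: { type: "http", scheme: "bearer" },
  CookieAuth: { type: "apiKey", in: "cookie", name: "sid" },
};
const security: Array<Record<string, string[]>> = [{ BearerAuth: [] }, { CookieAuth: [] }];

function parseCookies(header = ""): Record<string, string> {
  const out: Record<string, string> = {};
  for (const part of header.split(";")) {
    const i = part.indexOf("=");
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// True only when the credential the scheme names is present in the request.
function credentialPresent(s: Scheme, req: Req): boolean {
  if (s.type === "http") return /^Bearer\s+\S+/i.test(req.headers["authorization"] ?? "");
  if (s.in === "header") return !!req.headers[s.name.toLowerCase()];
  if (s.in === "query") return !!req.query?.[s.name];
  return !!parseCookies(req.headers["cookie"])[s.name]; // s.in === "cookie"
}

// Entries in `security` are alternatives (OR); schemes inside one entry are all
// required (AND). A scheme that is not defined fails closed.
function checkSecurity(req: Req): number {
  const ok = security.some((alt) =>
    Object.keys(alt).every((name) => {
      const s = schemes[name];
      return s !== undefined && credentialPresent(s, req);
    }),
  );
  return ok ? 200 : 401;
}
```

Replacing the cookie branch with an unconditional `true` reproduces the symptom reported in the issue: one alternative always passes, so requests with no token and no cookie return 200.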