How to support OAuth2 Password flows?

[jmg-duarte]

Question

I'm currently developing an API that makes use of OAuth2 Password Flows and need to be able to authenticate to use it.

Currently, there is no OAuth2 specific code, but for my use case, merely allowing me to declare the Authorization header would already solve my issue. However, there is no way (that I know of) of declaring arbitrary headers on the generated code.

I'm already modifying my OpenAPI schema to handle #558 (comment) but would appreciate more escape hatches on the Swift side.

To that end, I am keen on helping implementing the generation for either the escape hatch or the Authorization header on the presence of OAuth security schemes. Just tell me where to look into!

[czechboy0]

Hi @jmg-duarte,

you're right that there is no special code generated for OAuth2 flows yet, that's a missing feature: https://swiftpackageindex.com/apple/swift-openapi-generator/1.2.1/documentation/swift-openapi-generator/supported-openapi-features#OAuth-Flows-Object

In the short term, we recommend folks implement a ServerMiddleware and add any auth information as a task local, as shown in this example: https://github.com/apple/swift-openapi-generator/tree/main/Examples/auth-server-middleware-example

Long term, it'd be great to see a proposal of how to better support OAuth2 in the generated code. I don't think we've come up with a design yet, and we welcome the community proposing one (using our Proposal process).

[jmg-duarte]

In the short term, we recommend folks implement a ServerMiddleware and add any auth information as a task local, as shown in this example: https://github.com/apple/swift-openapi-generator/tree/main/Examples/auth-server-middleware-example

I'm doing a client though, would that work?

[czechboy0]

developing an API

Apologies, I took the above to mean you're writing the server. Yes, just replace ServerMiddleware with ClientMiddleware, and use this example instead: https://github.com/apple/swift-openapi-generator/tree/main/Examples/auth-client-middleware-example

[czechboy0]

Related to #37.

[laconicman]

I'm currently developing an API that makes use of OAuth2 Password Flows and need to be able to authenticate to use it.
To that end, I am keen on helping implementing the generation for either the escape hatch or the Authorization header on the presence of OAuth security schemes. Just tell me where to look into!

Perhaps this piece of code modesty named RefreshTokenAuthMiddleware might be useful to you. It's not OAuth2, but it's a refresh token authentication scenario. You might be able to reuse some of the approaches.
I'm no expert on Modern Concurrency, but I've tried to make use of it.