enhance: openapi: add support for authentication #207
Conversation
Signed-off-by: Grant Linville <[email protected]>
Signed-off-by: Grant Linville <[email protected]>
Signed-off-by: Grant Linville <[email protected]>
g-linville
requested review from
thedadams,
njhale,
StrongMonkey,
iwilltry42,
keyallis and
tylerslaton
Signed-off-by: Grant Linville <[email protected]>
| } | ||
|
|
||
| // If there is a bearer token set for the whole server, and no Authorization header has been defined, use it. | ||
| if token, ok := envMap["GPTSCRIPT_"+env.ToEnvLike(u.Hostname())+"_BEARER_TOKEN"]; ok { |
There was a problem hiding this comment.
@g-linville hi, I just tried the openapi integration with this new code, and using a global _BEARER_TOKEN env var doesn't work anymore, because this code is not reached if I have a security info set, but without the specific _${name} env var.
for example in my case, my openapi document contains:
components:
securitySchemes:
bearerAuth:
bearerFormat: JWT
scheme: bearer
type: httpso if I don't have the _BEARERAUTH env var, I get an error - instead of the code trying to lookup the _BEARER_TOKEN env var.
that's not a big issue because I can change the env var on my side, but it's just that it might confuse people...
There was a problem hiding this comment.
@vbehar Thanks for bringing this to my attention. Yes, this was technically a breaking change, but there has been no release of GPTScript that includes the OpenAPI feature (the only way to use it has been to compile it yourself) so that's why I didn't specifically call it out anywhere.
This adds support for security schemes in the OpenAPI feature.