Opened a new PR for Google Cloud Endpoints OAuth2 ...
# http4kr
Ricardo
08/12/2019, 11:41 AMOpened a new PR for Google Cloud Endpoints OAuth2 support, please let me know if it is OK: https://github.com/http4k/http4k/pull/274
d
dave
08/12/2019, 12:36 PMI don't know much about this, but isn't it just a particular configuration of the existing oauth security? Is there anything to stop us reusing that stuff (with maybe some pre-canned values like we do for OAuthProvider) ?
r
Ricardo
08/12/2019, 2:10 PMI didn't use
OAuthSecurityOAuthSecurityRicardo
08/12/2019, 2:10 PMWould you prefer that we amend
OAuthSecurityRicardo
08/12/2019, 2:11 PMAlso OAuth is excluded from the
SecurityRendererd
dave
08/12/2019, 2:29 PMThe OAuthSecurity definition can take a provider, but it's only through an overloaded method for convienience:
Copy code
data class OAuthSecurity(
val authorizationUrl: Uri,
val tokenUrl: Uri,
val scopes: List<OAuthScope> = emptyList(),
override val filter: Filter,
val name: String = "oauthSecurity"
) : Security {
companion object {
operator fun invoke(oAuthProvider: OAuthProvider,
customScopes: List<OAuthScope>? = null) = OAuthSecurity(
oAuthProvider.providerConfig.authUri,
oAuthProvider.providerConfig.tokenUri,
customScopes ?: oAuthProvider.scopes.map { OAuthScope(it, "") },
oAuthProvider.authFilter
)
}
}dave
08/12/2019, 2:30 PMWe didn't add OAuth security to the OA2 renderer because we were concentrating on V3.
dave
08/12/2019, 2:31 PMfeel free to retrofit it.
dave
08/12/2019, 2:31 PMand as an aside, is there any reason that you're not using OA3?
r
Ricardo
08/12/2019, 3:58 PMGoogle Cloud Endpoints doesn't support OpenAPI3 unfortunately, and neither does the ZAP security scanner we use to pen test our API.
Ricardo
08/12/2019, 3:59 PMI'll update
OAuthSecuritySecurityRendererRicardo
08/14/2019, 8:40 AMSorry to pester you, but would it possible to take a look at the udpates on this PR? It's something we need for deployment here at JL. Happy to make any changes you folks need.
6 Views