Created
August 23, 2022 18:33
-
-
Save jathanism/7cc922cd8124bd175e6aadb3234bc1c0 to your computer and use it in GitHub Desktop.
Trying to extend OpenAPI Token Authentication via drf-spectacular for Nautobot. Hint: It doesn't work.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This was added to schema.py so that it automatically gets applied when the schema is generated. | |
| from drf_spectacular.extensions import OpenApiAuthenticationExtension, OpenApiSerializerFieldExtension | |
| from drf_spectacular.plumbing import build_bearer_security_scheme_object | |
| class TokenScheme(OpenApiAuthenticationExtension): | |
| target_class = "rest_framework.authentication.TokenAuthentication" | |
| name = "tokenAuth" | |
| match_subclasses = True | |
| # This ends up generating an ApiKey object | |
| # This is paassing the `bearer_format` to `build_bearer_security_scheme_object()` | |
| # which is only used in generation of the help text for that in the UI | |
| def _get_security_definition(self, auto_schema): | |
| return build_bearer_security_scheme_object( | |
| header_name="Authorization", | |
| token_prefix="Token", | |
| bearer_format="Token", | |
| ) | |
| # This emits and "http.bearer" object, but it prepends "Bearer" to the header. | |
| # This ONLY emits "Authorization: Bearer {authorization_header_value}". The `swagger-ui` package would need | |
| # to be manually built and published to extend this on the front end. | |
| def get_security_definition(self, auto_schema): | |
| return { | |
| "type": "http", | |
| "scheme": "bearer", | |
| "bearerFormat": "Token", | |
| "description": 'Token-based authentication with required prefix "Token"', | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/nautobot/core/api/schema.py b/nautobot/core/api/schema.py | |
| index 07be8bb73..37b639c81 100644 | |
| --- a/nautobot/core/api/schema.py | |
| +++ b/nautobot/core/api/schema.py | |
| @@ -2,8 +2,9 @@ import logging | |
| import re | |
| from drf_spectacular.contrib.django_filters import DjangoFilterExtension | |
| -from drf_spectacular.extensions import OpenApiSerializerFieldExtension | |
| +from drf_spectacular.extensions import OpenApiAuthenticationExtension, OpenApiSerializerFieldExtension | |
| from drf_spectacular.openapi import AutoSchema | |
| +from drf_spectacular.plumbing import build_bearer_security_scheme_object | |
| from rest_framework import serializers | |
| from rest_framework.relations import ManyRelatedField | |
| @@ -273,3 +274,28 @@ class StatusFieldFix(OpenApiSerializerFieldExtension): | |
| }, | |
| }, | |
| } | |
| + | |
| + | |
| +class TokenScheme(OpenApiAuthenticationExtension): | |
| + # target_class = 'nautobot.core.api.authentication.TokenAuthentication' | |
| + target_class = "rest_framework.authentication.TokenAuthentication" | |
| + name = "tokenAuth" | |
| + match_subclasses = True | |
| + # priority = -1 | |
| + | |
| + # This ends up generating an ApiKey object | |
| + def _get_security_definition(self, auto_schema): | |
| + return build_bearer_security_scheme_object( | |
| + header_name="AUTHORIZATION", | |
| + token_prefix="Token", | |
| + bearer_format="Token", | |
| + ) | |
| + | |
| + # This emits and "http.bearer" object, but it prepends "Bearer" to the header. | |
| + def get_security_definition(self, auto_schema): | |
| + return { | |
| + "type": "http", | |
| + "scheme": "bearer", | |
| + "bearerFormat": "Token", | |
| + "description": 'Token-based authentication with required prefix "Token"', | |
| + } | |
| (END) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment