fixes basic auth example doc; adds apikey example (#894)

* fixes basic auth example doc; adds apikey example * remove required_scopes references that dont pertain to apikey
spec-first · Mar 11, 2019 · 0989a93 · 0989a93
1 parent 34c7cb1
commit 0989a93
Show file tree

Hide file tree

Showing 4 changed files with 81 additions and 1 deletion.
diff --git a/docs/security.rst b/docs/security.rst
@@ -58,6 +58,8 @@ taken from there, otherwise it's None. This allows authorizing individual
 operations with oauth scope while using basic authentication for
 authentication.
 
+You can find a `minimal Basic Auth example application`_ in Connexion's "examples" folder.
+
 ApiKey Authentication
 ---------------------
 
@@ -66,7 +68,7 @@ With Connexion, the API security definition **must** include a
 semantics as for ``x-basicInfoFunc``, but the function accepts two
 parameters: apikey and required_scopes.
 
-You can find a `minimal Basic Auth example application`_ in Connexion's "examples" folder.
+You can find a `minimal API Key example application`_ in Connexion's "examples" folder.
 
 Bearer Authentication (JWT)
 ---------------------------
@@ -91,4 +93,5 @@ way to start a HTTPS server when using Connexion?
 .. _rfc7662: https://tools.ietf.org/html/rfc7662
 .. _minimal OAuth example application: https://github.com/zalando/connexion/tree/master/examples/swagger2/oauth2
 .. _minimal Basic Auth example application: https://github.com/zalando/connexion/tree/master/examples/swagger2/basicauth
+.. _minimal API Key example application: https://github.com/zalando/connexion/tree/master/examples/oauth2/apikey
 .. _minimal JWT example application: https://github.com/zalando/connexion/tree/master/examples/openapi3/jwt
diff --git a/examples/openapi3/apikey/README.rst b/examples/openapi3/apikey/README.rst
@@ -0,0 +1,20 @@
+=======================
+API Key Example
+=======================
+
+Running:
+
+.. code-block:: bash
+
+    $ sudo pip3 install --upgrade connexion[swagger-ui]  # install Connexion from PyPI
+    $ ./app.py
+
+Now open your browser and go to http://localhost:8080/ui/ to see the Swagger UI.
+
+The hardcoded apikey is `asdf1234567890`.
+
+Test it out (in another terminal):
+
+.. code-block:: bash
+
+    $ curl -H 'X-Auth: asdf1234567890' http://localhost:8080/secret
diff --git a/examples/openapi3/apikey/app.py b/examples/openapi3/apikey/app.py
@@ -0,0 +1,32 @@
+#!/usr/bin/env python3
+'''
+Basic example of a resource server
+'''
+
+import connexion
+from connexion.exceptions import OAuthProblem
+
+TOKEN_DB = {
+    'asdf1234567890': {
+        'uid': 100
+    }
+}
+
+
+def apikey_auth(token, required_scopes):
+    info = TOKEN_DB.get(token, None)
+
+    if not info:
+        raise OAuthProblem('Invalid token')
+
+    return info
+
+
+def get_secret(user) -> str:
+    return "You are {user} and the secret is 'wbevuec'".format(user=user)
+
+
+if __name__ == '__main__':
+    app = connexion.FlaskApp(__name__)
+    app.add_api('openapi.yaml')
+    app.run(port=8080)
diff --git a/examples/openapi3/apikey/openapi.yaml b/examples/openapi3/apikey/openapi.yaml
@@ -0,0 +1,25 @@
+openapi: 3.0.0
+info:
+  title: API Key Example
+  version: '1.0'
+paths:
+  /secret:
+    get:
+      summary: Return secret string
+      operationId: app.get_secret
+      responses:
+        '200':
+          description: secret response
+          content:
+            '*/*':
+              schema:
+                type: string
+      security:
+        - api_key: []
+components:
+  securitySchemes:
+    api_key:
+      type: apiKey
+      name: X-Auth
+      in: header
+      x-apikeyInfoFunc: app.apikey_auth