Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bearer authentication is not supported by OAuth2Rule. #1246

Closed
tkrop opened this issue Jun 2, 2021 · 0 comments · Fixed by #1247
Closed

Bearer authentication is not supported by OAuth2Rule. #1246

tkrop opened this issue Jun 2, 2021 · 0 comments · Fixed by #1247
Assignees
@tkrop
Labels
type: bug

Comments

@tkrop
Copy link
Member

tkrop commented Jun 2, 2021
edited
Loading

Rule https://opensource.zalando.com/restful-api-guidelines/#104 does not match exactly the title: MUST secure endpoints with OAuth 2.0. In the text we propose Bearer Authentication, which is not classified as OAuth 2.0 but as HTTP Authentication according to OpenAPI (see https://swagger.io/docs/specification/authentication/bearer-authentication/):components:

  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

Consequently, The Zally rule implementation is currently rejecting the security schema, since it is not of the required type (see https://github.com/zalando/zally/blob/master/server/zally-ruleset-zalando/src/main/kotlin/org/zalando/zally/ruleset/zalando/SecureWithOAuth2Rule.kt#L23).
@tkrop tkrop added the type: bug label Jun 2, 2021
tkrop pushed a commit that referenced this issue Jun 2, 2021
fix: bearer authorization support (#1246)
4bf84d1
@tkrop tkrop mentioned this issue Jun 2, 2021
Merged
tkrop pushed a commit that referenced this issue Jun 2, 2021
fix: bearer authorization support (#1246)
a5fe6f3
tkrop pushed a commit that referenced this issue Jun 3, 2021
fix: bearer authorization support (#1246)
5daa1ce
@tkrop tkrop self-assigned this Jun 3, 2021
tkrop pushed a commit that referenced this issue Jun 4, 2021
Merge pull request #1247 from zalando/1246-fix-bearer-auth-support
5361700 
fix: bearer authorization support (#1246)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tkrop tkrop

Labels
type: bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: bearer authorization support (#1246) zalando/zally
1 participant
@tkrop