I am working on the definition of a service contract with Swagger 2.0.
My question is: what is the right method to define Bearer token authentication in Swagger 2.0?
FYI: I have found two methods on the internet; which is the right one?
Method 1:
securityDefinitions:
  Bearer:
    type: apiKey
    name: Authorization
    in: header
security:
  - Bearer: []
Method 2:
securityDefinitions:
  ApiKeyAuth:
    type: apiKey
    name: X-API-Key
    in: header
security:
  - ApiKeyAuth: []
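Swagger 2.0 only defines the scheme types basic, apiKey and oauth2, so both variants above are apiKey schemes and the scheme name (Bearer, ApiKeyAuth) is just a label; what matters is that every `security` requirement references a name that exists in `securityDefinitions`. The following is an added example, not code from the question, that checks exactly that for both variants plus a mixed-up one built from them:

```python
# Added example, not from the question: a lint for the security block of a
# Swagger 2.0 document, run against the two variants above.
SUPPORTED_TYPES = {"basic", "apiKey", "oauth2"}  # the only scheme types Swagger 2.0 defines

def check_security(spec):
    """Return a list of problems; an empty list means the security block is consistent."""
    problems = []
    definitions = spec.get("securityDefinitions", {})
    for name, scheme in definitions.items():
        kind = scheme.get("type")
        if kind not in SUPPORTED_TYPES:
            problems.append(f"{name}: unknown type {kind!r}")
        elif kind == "apiKey":
            if scheme.get("in") not in ("header", "query"):
                problems.append(f"{name}: apiKey 'in' must be header or query")
            if not scheme.get("name"):
                problems.append(f"{name}: apiKey needs a 'name' (the header or query key)")
    # Every requirement, global or per operation, must name a defined scheme.
    requirement_lists = [spec.get("security", [])]
    for operations in spec.get("paths", {}).values():
        requirement_lists += [op["security"] for op in operations.values()
                              if isinstance(op, dict) and "security" in op]
    for requirements in requirement_lists:
        for requirement in requirements:
            for ref in requirement:
                if ref not in definitions:
                    problems.append(f"security references undefined scheme {ref!r}")
    return problems

def header_for(spec, scheme_name):
    """The HTTP header a client must send for an apiKey/header scheme, else None."""
    scheme = spec.get("securityDefinitions", {}).get(scheme_name, {})
    if scheme.get("type") == "apiKey" and scheme.get("in") == "header":
        return scheme["name"]
    return None

# Method 1 and method 2 from the question as Python dicts (constructed here).
METHOD_1 = {"swagger": "2.0", "security": [{"Bearer": []}],
            "securityDefinitions": {"Bearer": {"type": "apiKey", "name": "Authorization", "in": "header"}}}
METHOD_2 = {"swagger": "2.0", "security": [{"ApiKeyAuth": []}],
            "securityDefinitions": {"ApiKeyAuth": {"type": "apiKey", "name": "X-API-Key", "in": "header"}}}
# Mixing the two: the scheme is defined as ApiKeyAuth but `security` still says Bearer.
MIXED = {"swagger": "2.0", "security": [{"Bearer": []}],
         "securityDefinitions": METHOD_2["securityDefinitions"]}

if __name__ == "__main__":
    for label, spec in (("method 1", METHOD_1), ("method 2", METHOD_2), ("mixed", MIXED)):
        print(label, check_security(spec) or "ok", "header:", header_for(spec, next(iter(spec["security"][0]))))
```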
We have a SaaS product on the Firebase platform, and one of our customers asked us to provide an SSO experience to their users. They have an old ADFS as an IdP.
I thought first to use Passport-Saml but then noticed that Firebase Auth could use Google Cloud Identity Platform for a custom SAML IdP.
It worked pretty well and we got a user logged in on the first try. However, the user created in Firebase is pretty empty.
Here is the user from the auth creation hook:
{
  customClaims: {
  }
  disabled: false
  displayName: null
  email: null
  emailVerified: false
  metadata: {
    creationTime: "2020-09-21T22:43:36Z"
    lastSignInTime: "2020-09-21T22:43:36Z"
  }
  passwordHash: null
  passwordSalt: null
  phoneNumber: null
  photoURL: null
  providerData: [
    0: {
      providerId: "saml.xxxx"
      uid: "xxxx"
    }
  ]
  tokensValidAfterTime: null
  uid: "xxxx"
}
On the ADFS side, our customer has configured the claims to map LDAP as:
  E-mail-Addresses -> E-mail Address
  SAM-Account-Name -> Name ID
If anyone has an idea of which SAML claim maps to the Firebase user attribute I would be very grateful; no luck in the doc.
Edit:
I created the ServiceProvider.xml using saml tools:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     validUntil="2020-09-25T02:53:54Z"
                     cacheDuration="PT604800S"
                     entityID="xxxx">
  <md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                 Location="https://xxx.firebaseapp.com/__/auth/handler"
                                 index="1" />
  </md:SPSSODescriptor>
</md:EntityDescriptor>
And I did a bit more testing using saml test, which was a great sandbox.
The answer is twofold:
The ServiceProvider.xml file needs to specify the NameID format as email address:
  <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
And the claim mapping from ADFS needs to be:
  E-mail-Addresses -> Name ID
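The fix above comes down to the NameID format announced in the SP metadata matching what ADFS actually puts in the assertion's NameID. As an added example (not part of the question or answer), the check below reads the required format from SP metadata and verifies an assertion against it, rejecting the pre-fix situation (sAMAccountName with the unspecified format) and accepting the post-fix one; both XML documents are constructed here with placeholder identifiers.

```python
# Added example (not part of the question or answer): read the NameIDFormat the
# SP metadata demands, then check an incoming assertion's <NameID> against it.
# Both XML documents are constructed here; entity IDs are placeholders.
import xml.etree.ElementTree as ET  # for untrusted input, parse with defusedxml instead

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
EMAIL_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"
UNSPECIFIED_FORMAT = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"

def required_nameid_format(sp_metadata_xml):
    """The NameIDFormat listed in the SP's <SPSSODescriptor>, or None if absent."""
    root = ET.fromstring(sp_metadata_xml)
    node = root.find("md:SPSSODescriptor/md:NameIDFormat", NS)
    return node.text.strip() if node is not None and node.text else None

def check_name_id(assertion_xml, expected_format):
    """Return (ok, detail): ok only if a NameID exists and its Format matches the SP's."""
    root = ET.fromstring(assertion_xml)
    name_id = root.find("saml:Subject/saml:NameID", NS)
    if name_id is None:
        return False, "assertion has no Subject/NameID"
    actual = name_id.get("Format")
    if actual != expected_format:
        return False, f"NameID Format {actual} does not match SP requirement {expected_format}"
    value = (name_id.text or "").strip()
    if expected_format == EMAIL_FORMAT and "@" not in value:
        return False, f"NameID {value!r} is not an e-mail address"
    return True, value

# SP metadata as in the edit above, reduced to the parts this check needs.
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" entityID="placeholder-entity-id">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>{EMAIL_FORMAT}</md:NameIDFormat>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def assertion_with(name_id, fmt):
    """Constructed assertion carrying only a Subject (no signature; test data only)."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}" ID="_placeholder" Version="2.0">
  <saml:Subject><saml:NameID Format="{fmt}">{name_id}</saml:NameID></saml:Subject>
</saml:Assertion>"""

if __name__ == "__main__":
    wanted = required_nameid_format(SP_METADATA)
    # What ADFS sent before the fix (sAMAccountName, unspecified) versus after (e-mail).
    print(check_name_id(assertion_with("jdoe", UNSPECIFIED_FORMAT), wanted))
    print(check_name_id(assertion_with("jdoe@example.com", EMAIL_FORMAT), wanted))
```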
I'm trying to define a POST endpoint using Swagger, but it isn't allowing the requestBody parameter:
/names/{roster}:
  get:
    #...
  post:
    x-swagger-router-controller: names
    description: Adds or removes name(s)
    operationId: manageNames
    parameters:
      - name: roster
        in: path
        description: the roster to use
        type: string
        required: true
    requestBody:
      content:
        'application/json':
          schema:
            $ref: '#/definitions/ManageNamesRequest'
When I run npm start, I get this:
API Errors:
#/paths/~1names~1{roster}/post: Additional properties not allowed: requestBody
1 error and 0 warnings
What's wrong with my spec?
You are probably mixing OpenAPI/Swagger 2.0 and OpenAPI 3.0 syntax. Your spec seems to be 2.0, but the requestBody keyword is a 3.0 feature. In 2.0, the request body is defined as a body parameter:
paths:
  /names/{roster}:
    post:
      produces:
        - application/json
      ...
      parameters:
        - ...
        - in: body
          name: body
          required: true
          schema:
            $ref: '#/definitions/ManageNamesRequest'
More info: Describing Request Body
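The validator reported the offending location as a JSON Pointer (`#/paths/~1names~1{roster}/post`, with each `/` in the path escaped as `~1`). As an added example, not the answer's own code, the snippet below reproduces that check for a Swagger 2.0 document and rewrites each `requestBody` into the `in: body` parameter the answer describes; the spec is the question's operation as a Python dict, constructed and abbreviated here.

```python
# Added example (not from the answer): find `requestBody` in a document that
# declares `swagger: "2.0"`, report it the way the validator did (as a JSON
# Pointer, "/" escaped as "~1") and rewrite it into a 2.0 body parameter.
import copy

OPERATIONS = ("get", "put", "post", "delete", "options", "head", "patch")

def json_pointer(*parts):
    """RFC 6901 pointer: '~' becomes '~0', '/' becomes '~1'."""
    return "#/" + "/".join(p.replace("~", "~0").replace("/", "~1") for p in parts)

def find_request_bodies(spec):
    """Validator-style error strings for every requestBody in a Swagger 2.0 spec."""
    if spec.get("swagger") != "2.0":
        return []  # requestBody is legitimate in OpenAPI 3.x
    errors = []
    for path, item in spec.get("paths", {}).items():
        for method in OPERATIONS:
            if method in item and "requestBody" in item[method]:
                errors.append(f"{json_pointer('paths', path, method)}: "
                              "Additional properties not allowed: requestBody")
    return errors

def to_body_parameter(spec):
    """Copy of spec with each requestBody turned into an `in: body` parameter."""
    out = copy.deepcopy(spec)
    for item in out.get("paths", {}).values():
        for method in OPERATIONS:
            op = item.get(method)
            if not op or "requestBody" not in op:
                continue
            body = op.pop("requestBody")
            # Swagger 2.0 allows one body schema, so the first media type wins.
            media_type, media = next(iter(body.get("content", {}).items()), ("application/json", {}))
            op.setdefault("consumes", [media_type])
            op.setdefault("parameters", []).append({
                "in": "body", "name": "body",
                # OpenAPI 3 defaults requestBody.required to false; like the answer, default to true.
                "required": body.get("required", True),
                "schema": media.get("schema", {}),
            })
    return out

# The operation from the question as a dict (constructed here, abbreviated).
SPEC = {"swagger": "2.0", "paths": {"/names/{roster}": {"post": {
    "operationId": "manageNames",
    "parameters": [{"name": "roster", "in": "path", "type": "string", "required": True}],
    "requestBody": {"content": {"application/json": {
        "schema": {"$ref": "#/definitions/ManageNamesRequest"}}}},
}}}}
```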
In my new company I had to debug an error with the Google Analytics Embed API.
Here is what I figured out:
We use the following API: https://developers.google.com/analytics/devguides/reporting/embed/v1/getting-started
In the backend we make a request to the OAuth service with the JSON credential, in order to use the authentication method serverAuth.access_token in the frontend instead of the key or clientId.
In the frontend it worked correctly with one domain.
For the request against maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1s&callback=xdc._je5rc5&token=XXXXXX I got the result:
/**/_xdc_._je5rc5 && _xdc_._je5rc5( [1,null,0] )
And the second request:
maps.googleapis.com/maps/api/js/GeocodeService.Search?4sLondon%20UK&7sUK&9sde-DE&callback=xdc._1aw0g9&token=XXXXX1
returns the right response:
/**/_xdc_._1aw0g9 && _xdc_._1aw0g9( {
  "results" : [
    {/* Short Version */}
  ],
  "status" : "OK"
}
)
But the same requests on the same server with another domain got an error:
Request: maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1s&callback=xdc._bllk9e&token=XXXXXX
Response:
/**/_xdc_._bllk9e && _xdc_._bllk9e( [0,15,0] )
And the second request: maps.googleapis.com/maps/api/js/GeocodeService.Search?4sLondon%20UK&7sUK&9sde-DE&callback=xdc._1aw0g9&token=XXXXX
Response:
/**/_xdc_._1aw0g9 && _xdc_._1aw0g9( {
  "error_message" : "Geocoding Service: This service requires an API key. For more information on authentication and Google Maps Javascript API services please see: https://developers.google.com/maps/documentation/javascript/get-api-key",
  "results" : [],
  "status" : "REQUEST_DENIED"
}
)
Maybe someone has an idea what I could do?
I've developed some Google Flex endpoints. They work locally, but when I deploy the app (gcloud app deploy) I get an HTTP status 403 Forbidden. I'm using Ajax to call the endpoint like this:
var echoEndpoint = function() {
  $.ajax(userBaseUrl + '/echo', {
    headers: {'Authorization': 'Bearer ' + userIdToken},
    type: 'GET',
    data: "key=my special key"
  })
}
I'm protecting the endpoint with an API key and passing the userIdToken in the header. The above code produces the 403 Forbidden, but if I remove the header it works, albeit with no user token. Here is the code that will NOT produce the 403:
var echoEndpoint = function() {
  $.ajax(userBaseUrl + '/echo', {
    type: 'GET',
    data: "key=my special key"
  })
}
Here is the paths section of my openapi.yaml:
.....
paths:
  "/echo":
    get:
      description: "Echo a test message."
      operationId: "echo"
      produces:
        - "application/json"
      responses:
        200:
          description: "Echo"
          schema:
            $ref: "#/definitions/echoMessage"
      x-security:
        - firebase:
            audiences:
              - "my project-id"
....
definitions:
  echoMessage:
    properties:
      message:
        type: "string"
Do I need to specify in my openapi.yaml that I'm sending a header in the request? If so, how and where? I tried to put it in the definitions section but that yields an INVALID_ARGUMENT error when trying to deploy.
Did you define "firebase" in "securityDefinitions" as shown in this example (https://github.com/GoogleCloudPlatform/python-docs-samples/blob/master/appengine/flexible/endpoints/openapi.yaml#L108)?
Symfony is logging two INFO level statements for every request in my application, inflating an Apache log file very rapidly. We're not using Monolog (we use an alternate solution), and I've disabled it by removing the bundle in the AppKernel.
[2016-06-23 12:11:04] security.INFO: Populated the TokenStorage with an anonymous Token. [] []
[2016-06-23 12:11:06] request.INFO: Matched route "contact". {"route_parameters":{"_controller": ...
How can I disable this logging?
This happens because Monolog (which Symfony will use itself even if you disable it in your app) defaults to std:error:
public function addRecord($level, $message, array $context = array())
{
    if (!$this->handlers) {
        $this->pushHandler(new StreamHandler('php://stderr', static::DEBUG));
    }
    // ... rest of the method omitted
}
Adding any handler in app/config/config.yml will make addRecord reject the unwanted INFO notice instead:
monolog:
  handlers:
    syslog:
      type: syslog
      level: error