OpenApiAuthenticationExtension with oauth2 #985

Closed
Marta-Junk opened this issue May 9, 2023 · 1 comment

@Marta-Junk

Hello
I have read an issue concerning oauth2 customization problems and your suggestion to patch Swagger UI.
I have tried a different approach. My goal would be to use the token received during authentication as a Bearer token. Given that as far as I know it's not possible to change the Authorization from "Basic" to "Bearer" by simple configuration, I tried to come up with a new Scheme that would mimic oauth2 scheme and additionally change the Authorization header. As you suggested here: #264 I created a scheme.py file and defined a new scheme class there (I played with both OpenApiAuthenticationExtension and DjangoOAuthToolkitScheme as a parent class). As a target class I specified oauth2_provider.contrib.rest_framework.OAuth2Authentication (I did not define my custom authentication class) and in get_security_definition I planned to return both flows and 'bearer' scheme. Unfortunately I have encountered some issues.
Do you have any suggestions for creating a custom oauth2 scheme or a working example? In particular, should I create a custom authentication class or should OAuth2Authentication do? Should I configure my permissions, as right now I see that my app checks permissions when I hit the swagger 'basic view' (the one with list of endpoints where no authentication is required).

@tfranzel
Owner

> Unfortunately I have encountered some issues.

Well, that is not enough information.

> Should I configure my permissions, as right now I see that my app checks permissions when I hit the swagger 'basic view' (the one with list of endpoints where no authentication is required).

That has nothing to do with OAuth2. By default we do not protect the swagger page itself.

#264 is dealing with knox, which you don't mention. It might be unrelated.

> Given that as far as I know it's not possible to change the Authorization from "Basic" to "Bearer" by simple configuration

This is a DRF issue that is unrelated to us. The fact that OAuth/Swagger will require Bearer (as per RFC) and DRF by default only uses Basic is stupid but not our fault. This can only be fixed by making DRF accept the keyword Bearer, which is unrelated to both the oauth lib and spectacular.

Sorry, but your question is all over the place, badly formatted, and too vague to be properly answered. If you want further assistance please rewrite your question with more specifics and clarity.
