Anyone tried OpenId? · spec-first/connexion#694

(14 comments) (3 reactions) (0 assignees)Python (4,346 stars) (738 forks)batch import

featurehelp wanted

Description

I tried to use OpenId for secure my endpoints, but when the security is not applied. My endpoint returned it's result without the use of my token.

I cloned the dev-2.0 branch and used the hello example.

My swagger config file:

openapi: "3.0.0"

info:
  title: Hello World
  version: "1.0"
servers:
  - url: http://localhost:9090/v1.0

paths:
  /greeting/{name}:
    post:
      summary: Generate greeting
      description: Generates a greeting message.
      operationId: hello.post_greeting
      responses:
        200:
          description: greeting response
          content:
            text/plain:
              schema:
                type: string
                example: "hello dave!"
      parameters:
        - name: name
          in: path
          description: Name of the person to greet.
          required: true
          schema:
            type: string
            example: "dave"

components:
  securitySchemes:
    openId:
      type: openIdConnect
      openIdConnectUrl: http://127.0.0.1:8080/.well-known/openid-configuration

# Global security
security:
  - openId:
      - admin

curl http://127.0.0.1:9090/v1.0/greeting/wim --request POST

produces: hello wim

Contributor guide

Tech stack: python
Domain: backendapisecurity
Issue type: bug
Difficulty: 3
Estimated time: over 1 week
Activity status: stale
Clarity: needs investigation
Prerequisites: PythonOpenID ConnectConnexion framework
Newbie friendliness: 20
Research direction: Review the issue comments to understand the problem. Examine connexion's security handling code, particularly how OpenID Connect is implemented. Check the official OpenID configuration and compare with the user's example. Look for any missing security scheme configuration or middleware issues. See if the problem is a documentation gap or a code bug.