Skip to content

enhance: openapi: add support for authentication #207

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
g-linville merged 4 commits into from
Apr 2, 2024
Merged

enhance: openapi: add support for authentication #207

g-linville merged 4 commits into from
Apr 2, 2024

Conversation

@g-linville
Copy link
Member

@g-linville g-linville commented Apr 1, 2024
edited
Loading

This adds support for security schemes in the OpenAPI feature.

@g-linville g-linville marked this pull request as ready for review April 1, 2024 19:23
thedadams
thedadams approved these changes Apr 1, 2024
View reviewed changes
@g-linville
use map[string]struct{} for sets
d926e4c 
Signed-off-by: Grant Linville <[email protected]>
@g-linville g-linville merged commit dcb0390 into gptscript-ai:main Apr 2, 2024
@g-linville g-linville deleted the openapi-authn branch April 2, 2024 13:23
vbehar
vbehar reviewed Apr 3, 2024
View reviewed changes
pkg/engine/openapi.go
}

// If there is a bearer token set for the whole server, and no Authorization header has been defined, use it.
if token, ok := envMap["GPTSCRIPT_"+env.ToEnvLike(u.Hostname())+"_BEARER_TOKEN"]; ok {
Copy link

@vbehar vbehar Apr 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@g-linville hi, I just tried the openapi integration with this new code, and using a global _BEARER_TOKEN env var doesn't work anymore, because this code is not reached if I have a security info set, but without the specific _${name} env var.

for example in my case, my openapi document contains:

components:
  securitySchemes:
    bearerAuth:
      bearerFormat: JWT
      scheme: bearer
      type: http

so if I don't have the _BEARERAUTH env var, I get an error - instead of the code trying to lookup the _BEARER_TOKEN env var.

that's not a big issue because I can change the env var on my side, but it's just that it might confuse people...

Copy link
Member Author

@g-linville g-linville Apr 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@vbehar Thanks for bringing this to my attention. Yes, this was technically a breaking change, but there has been no release of GPTScript that includes the OpenAPI feature (the only way to use it has been to compile it yourself) so that's why I didn't specifically call it out anywhere.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thedadams thedadams thedadams approved these changes

@njhale njhale Awaiting requested review from njhale

@iwilltry42 iwilltry42 Awaiting requested review from iwilltry42

@keyallis keyallis Awaiting requested review from keyallis

@tylerslaton tylerslaton Awaiting requested review from tylerslaton

+2 more reviewers

@vbehar vbehar vbehar left review comments

@StrongMonkey StrongMonkey StrongMonkey approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@g-linville @vbehar @thedadams @StrongMonkey