[REQ] Add Authorize and bearer roles/scopes support to aspnetcore

[MBcom]

Is your feature request related to a problem? Please describe.

• on generating the aspnetcore server package - (bearer) authentication are ignored and roles/scopes specfied for each operation are ignored too
• it would be time saving if the generator would generate the missing annotations

Describe the solution you'd like

• add an [Authorize] Annotation for each route
• if there is an bearer auth (e.g. with JWT) or an OATUH authentication then annotate with [Authorize(Roles = "...")]

Describe alternatives you've considered

Additional context

see the linked pull request for my suggestions

[tmakin]

@MBcom I'm trying to implement Role based authorization via the aspnetcore generator. However, I can't work out how to define the scopes for this mustache block

{{#isBasicBearer}}
        [Authorize{{#scopes}}{{#-first}}(Roles = "{{/-first}}{{scope}}{{^-last}},{{/-last}}{{#-last}}"){{/-last}}{{/scopes}}]
{{/isBasicBearer}}

Can you point me towards a working example for a bearer security schema with scopes?

I also found this related PR but the conversation is not clear whether the [Authorize(Roles=...)] was left in a working state or not.

[MBcom]

@tmakin you can add the needed scopes in the security part of each route as an array
e.g.

delete:
      summary: Remove a sth
      operationId: removeSth
      security:
          - bearerAuth: #<- the name of your security scheme
            - scope1
            - scope2
            ....

this should generate the following annotated route

        [HttpDelete]
        [Route("/api/v1/example")]
        [Authorize(Roles = "scope1,scope2")]
        [ValidateModelState]
        [SwaggerOperation("removeSth")]
        public virtual IActionResult RemoveSth() ...

I did not tested it again with upstream version - so let me know if you are experiencing any errors

[tmakin]

Thanks @MBcom . That's the pattern I was following but I'm not seeing anything inside the [Authorize] attribute. I've created a demo repro here to illustrate the problem.
https://github.com/tmakin/openapi-generator-issue

[tmakin]

For the record, I've gone with a vendor extension based approach for this instead. It seems more compliant with the OpenAPI spec and also better for documentation generation.

// controller.mustache
...
[RoleFilter{{#vendorExtensions.x-roles}}{{#-first}}({{/-first}}RoleType.{{.}}{{^-last}}, {{/-last}}{{#-last}}){{/-last}}{{/vendorExtensions.x-roles}}]
...

// spec/.yml
...

    /pets/
        get:
            x-roles: [PetOwner, StoreManager]
            ...

Note that RoleFilter is my custom enum based attribute, but the approach would work just as well with the standard [Authorize(Roles=""].

[MBcom]

@tmakin maybe it is a solution too
i tried version 1.0.10-4.0.2 in your test repo and the output is like expected - so there had been a breaking change to the current version