Skip to content

Update service authentication OAuth2 flow scopes to be object with description. #849

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
timotheeguerin merged 6 commits into from
Aug 17, 2022
Merged

Update service authentication OAuth2 flow scopes to be object with description. #849

timotheeguerin merged 6 commits into from
Aug 17, 2022

Conversation

@timotheeguerin
Copy link
Member

@timotheeguerin timotheeguerin commented Aug 11, 2022
edited
Loading

Change the scopes from string[] to {value: string, description?: string}. There is no way yet to set the description in Cadl but this unblock issue with the Arm generated swagger specs.

https://github.com/Azure/cadl-azure/pull/1855

I think to allow description in the cadl document for scopes the flow should allow taking an enum instead of tuple of string(either one) that way you can have things like

enum MyOAuth2Scopes {
   @doc("Permission to read")
   read: "https://myservice.com/read",

   @doc("Permission to write")
   write: "https://myservice.com/write",
}

@azure-pipelines
Copy link

azure-pipelines bot commented Aug 11, 2022

You can try these changes at https://cadlplayground.z22.web.core.windows.net/prs/849/

@timotheeguerin timotheeguerin enabled auto-merge (squash) August 17, 2022 21:58
@timotheeguerin timotheeguerin merged commit 1ef6e5f into microsoft:main Aug 17, 2022
@timotheeguerin timotheeguerin deleted the update-for-swagger-linter branch June 9, 2023 20:01
steverice added a commit to pinterest/typespec that referenced this pull request Jan 29, 2025
@steverice
[Pinterest] Allow for scope descriptions
43fcc01 
This makes a small change to the code introduced in microsoft#849 to allow for models to be used as OAuth scopes.
Without this check, an object like `{value: "foo", description: "bar"}` gets wrapped in an additional `value` key.
When the OpenAPI3 emitter tries to print out the `securitySchemes`, it sees `{value: {...}}` and produces a scope with value `[object Object]` and no description.

Here instead we check for an object and prevent the wrapping.
steverice added a commit to pinterest/typespec that referenced this pull request Dec 2, 2025
@steverice
Allow for scope descriptions
f02ce1c 
This makes a small change to the code introduced in microsoft#849 to allow for models to be used as OAuth scopes.
Without this check, an object like `{value: "foo", description: "bar"}` gets wrapped in an additional `value` key.
When the OpenAPI3 emitter tries to print out the `securitySchemes`, it sees `{value: {...}}` and produces a scope with value `[object Object]` and no description.

This also introduces a base `SecurityScheme` model that allows for more specific type checking on the `@useAuth` decorator.
@steverice steverice mentioned this pull request Dec 2, 2025
Open
steverice added a commit to pinterest/typespec that referenced this pull request Dec 2, 2025
@steverice
Allow for scope descriptions
0e02281 
This makes a small change to the code introduced in microsoft#849 to allow for models to be used as OAuth scopes.
Without this check, an object like `{value: "foo", description: "bar"}` gets wrapped in an additional `value` key.
When the OpenAPI3 emitter tries to print out the `securitySchemes`, it sees `{value: {...}}` and produces a scope with value `[object Object]` and no description.

This also introduces a base `SecurityScheme` model that allows for more specific type checking on the `@useAuth` decorator.

We need to remove an `openapi3` test that checks for an error when providing an unsupported auth type.
Now the compiler enforces that the auth type is `AuthType`, and `openapi3` supports all of the types in `AuthType`, it should not be possible to trigger this condition in TSP.
steverice added a commit to pinterest/typespec that referenced this pull request Dec 3, 2025
@steverice
Allow for scope descriptions
265b0b9 
This makes a small change to the code introduced in microsoft#849 to allow for models to be used as OAuth scopes.
Without this check, an object like `{value: "foo", description: "bar"}` gets wrapped in an additional `value` key.
When the OpenAPI3 emitter tries to print out the `securitySchemes`, it sees `{value: {...}}` and produces a scope with value `[object Object]` and no description.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@markcowl markcowl markcowl approved these changes

@bterlson bterlson Awaiting requested review from bterlson bterlson is a code owner

@daviwil daviwil Awaiting requested review from daviwil

@nguerrera nguerrera Awaiting requested review from nguerrera

@allenjzhang allenjzhang Awaiting requested review from allenjzhang

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@timotheeguerin @markcowl