Currently, there is no oAuth1 support in OpenApi 3.0.1 specifications
I need to indicate that some endpoints require an oAuth1.
May someone has some ideas, insights how to do it?
I'm not expecting to have a full swagger functionality,
Just a visualisation that this endpoint is secured or not secured.
Related
I use Micronaut #Version to implement my REST API Versioning strategy, and I use header X-API-VERSION to carry the version number, but I don't know how to group different version of REST API endpoints with Micronaut-openapi. I can do that in SprintBoot by customizing GroupedOpenApi, but I cannot do that in micronaut. Could anyone please help me with this? Thanks.
My team used swagger for documenting REST API.
As a QA engineer I was able to generate rest client from swagger.json that was published on remote server upon deploy and use the client for REST API integration testing.
Now we are about to switch from swagger to Spring REST Docs.
QUESTION:
Is there a way to generate java rest client from Spring REST Docs like it was possible for swagger?
If yes - how to do that?
If no - are there any alternative ways to get/generate REST API client.
There's actually a Spring Rest Docs extension now that generates an OpenAPI 2/3 spec which you can then use to do additional things - like generate a client
https://github.com/ePages-de/restdocs-api-spec
Basic authentication is working fine in my openapi v3 document running in swagger-ui. Now I want to add Google+ oauth2 authentication. Can you point me to good newbie documentation how to do this?
I find the configuration options a bit overwhelming as I don't know what options to choose. Most examples I find using a google search seem to be swagger v2 based or result in me thinking I'm an idiot (which may be the case, but I think it has more to do with knowing little about google oauth flows).
The OpenAPI Specification supports the description of OpenID Connect authorization, however Swagger-UI and Editor have not yet implemented it.
The lack of this functionality has been added to the GitHub swagger/swagger-ui issues #3641 list of features not yet supported by Swagger-UI.
I need to test HTTPS requests with OAuth 1.0 as the authentication method. I tried using the deprecated plugins with older versions, and the Blazemeter script for the same, but neither of them work. I just need to pass the Consumer Key and Secret and sign the HTTPS request with OAuth 1.0 using Jmeter. Can anyone help here please?
JMeter has never supported OAuth per se, so I would recommend using JSR223 PreProcessor in order to sign your request.
Check out How to Run Performance Tests on OAuth Secured Apps with JMeter article which has an example of bypassing OAuth 1.0 challenge using Groovy scripting and oauth-signpost library.
The approach is not guaranteed to work for all OAuth implementations as there could be many encryption options so you may need to modify the code according to your infrastructure.
i have several questions...
Does yahoo and microsoft api support
oAuth 2.0?
If yes then what are the main
security measures those should be
taken care of while shifting from
oAuth 1.0 to oAuth 2.0.
Google API supports oAuth 2.0. But
they have still marked it as an
experimental. Is it good to start
shifting even though it is
experimental?
I see while registering an
application on google (for oAuth
2.0), they ask for callback url. If a single application uses a
condition dependent callback url
such as -
if($myVar == NULL) $callbackUrl = 'http://www.mydomain.com/test.php?m=f¶ms=null'
else $callbackUrl = 'http://www.mydomain.com/test.php?m=x¶ms=1'
How can i implement above when the callback url is already specified? The above conditional mainly handles fallback model of an application or if browser supports java then java based model of an application. Kindly suggest
May i know how many of email
providing websites and social
networks supports oAuth 2.0?
Yahoo does not support OAuth2 yet, only Oauth 1.
Microsoft does support OAuth2. http://msdn.microsoft.com/en-us/library/hh243647.aspx
Oauth 2 is simpler since it uses SSL (HTTPS) to provide transport security, so the signatures and token-secrets are not needed. When you switch you will need to re-implement your OAuth flow. I can't think of any specific security measures specifically applicable to upgrading from OAuth1 to OAuth2, but the spec details some security considerations in section 10 (The parts applicable to clients are 10.3, 10.4, 10.5, 10.6, 10.8 and 10.9).
The OAuth2 specification is still not finalized, and may change. You could begin to implement your OAuth2 flow with Google, but bear in mind that it is possible that names or requirements of parameters, endpoints etc. could change and your application will break / you will need to make changes in future. [Experimental Features] could change (or even be removed) at any time. It is probably a bad idea to use experimental (or beta) software in a critical production environment.
Also, not all Google services support OAuth2 at the moment. eg. If you want to use OAuth for IMAP access to Gmail you will have to use OAuth1 for now.
In the API Console, you can specify multiple callback URLs for your OAuth2 application, one per line. An alternative would be to store your 'm' and 'params' parameters in a browser session / cookie and do the redirect to the correct page once authorization is complete.
Support (some revision of) OAuth2: Facebook, Microsoft/Live, Google (with exceptions described above), Foursquare, GitHub, Gowalla, GeoLoqi, Salesforce.
Support OAuth1 Only: Yahoo, Flickr, Twitter.
Source.