Security Definition Updates

[john-arccos]

Commit Message

• creating new parameter useRedirectUI that enables hosting an endpoint for using the standard OAuth 2.0 Authorization Code Grant Flow.

• Updating swagger plugin to include middleware that puts scopes next to the authorization widget for each endpoint

Summary

Love the package you've put together, but wanted to make a couple modifications to better support authentication for my use case. I made the changes listed in the commits above and also just a couple minor clean up things around the code base. You can see my hosted version here, but you I can't give you credentials (work system). Let me know what you think!

Example

Here's a screenshot of what the scope definition additions looks like:

Here's the swagger file I'm including in to accomplish this:

  "swagger": "2.0",
  "securityDefinitions": {
    "AccessCodeAuth": {
      "type": "oauth2",
      "flow": "accessCode",
      "authorizationUrl": "https://signin.arccosgolf.com/login",
      "tokenUrl": "https://signin.arccosgolf.com/oauth2/token",
      "oauth2RedirectUrl": "https://api.arccosgolf.com/swagger",
      "scopes": {
        "openid": "Required for all endpoints that have userId in the path",
        "arccos/read:rounds": "Grants read rounds access",
        "arccos/read:users": "Grants read users access"
      }
    }
  }
}

and here's an example httpApi security attribute I'm using:

    {
        AccessCodeAuth: [
            `arccos/read:rounds`,
        ],
    },
],

[bfaulk96]

I'll try to take a deeper look into this over the weekend if I can find some time, I apologize!

[john-arccos]

verified end result is unchanged (still working) after my last commit

[bfaulk96]

Got a chance to look at this fully, looks good. Thanks for your contribution! I'll release in 2.12.0.