chore: oas spec alignment with new security object

Signed-off-by: Pat Losoponkul <[email protected]>
hyperledger · Oct 16, 2023 · 589565e · 589565e
1 parent eaed8c8
commit 589565e
Show file tree

Hide file tree

Showing 10 changed files with 54 additions and 37 deletions.
diff --git a/...-agent/service/server/src/main/scala/io/iohk/atala/agent/server/http/ZHttpEndpoints.scala b/...-agent/service/server/src/main/scala/io/iohk/atala/agent/server/http/ZHttpEndpoints.scala
@@ -1,7 +1,9 @@
 package io.iohk.atala.agent.server.http
 
+import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic
 import sttp.apispec.SecurityScheme
 import sttp.apispec.openapi.{OpenAPI, Server}
+import sttp.model.headers.AuthenticationScheme
 import sttp.tapir.redoc.RedocUIOptions
 import sttp.tapir.redoc.bundle.RedocInterpreter
 import sttp.tapir.server.ServerEndpoint
@@ -33,14 +35,16 @@ object ZHttpEndpoints {
           .copy(securitySchemes =
             ListMap(
               "apiKeyAuth" -> Right(apiKeySecuritySchema),
-              "adminApiKeyAuth" -> Right(adminApiKeySecuritySchema)
+              "adminApiKeyAuth" -> Right(adminApiKeySecuritySchema),
+              "jwtAuth" -> Right(jwtSecurityScheme)
             )
           )
       )
       .addSecurity(
         ListMap(
           "apiKeyAuth" -> Vector.empty[String],
-          "adminApiKeyAuth" -> Vector.empty[String]
+          "adminApiKeyAuth" -> Vector.empty[String],
+          "jwtAuth" -> Vector.empty[String]
         )
       )
 
@@ -69,6 +73,18 @@ object ZHttpEndpoints {
     openIdConnectUrl = None
   )
 
+  private val jwtSecurityScheme = SecurityScheme(
+    `type` = "http",
+    description =
+      Some("JWT Authentication. The header `Authorization` must be set with the JWT token using `Bearer` scheme"),
+    name = Some("Authorization"),
+    in = Some("header"),
+    scheme = Some(AuthenticationScheme.Bearer.name),
+    bearerFormat = None,
+    flows = None,
+    openIdConnectUrl = None
+  )
+
   def swaggerEndpoints[F[_]](apiEndpoints: List[ServerEndpoint[Any, F]]): List[ServerEndpoint[Any, F]] =
     SwaggerInterpreter(swaggerUIOptions = swaggerUIOptions, customiseDocsModel = customiseDocsModel)
       .fromServerEndpoints[F](apiEndpoints, "Prism Agent", "1.0.0")

diff --git a/...service/server/src/main/scala/io/iohk/atala/castor/controller/DIDRegistrarEndpoints.scala b/...service/server/src/main/scala/io/iohk/atala/castor/controller/DIDRegistrarEndpoints.scala
@@ -15,7 +15,7 @@ import io.iohk.atala.castor.controller.http.{
 import io.iohk.atala.iam.authentication.apikey.ApiKeyCredentials
 import io.iohk.atala.iam.authentication.apikey.ApiKeyEndpointSecurityLogic.apiKeyHeader
 import io.iohk.atala.iam.authentication.oidc.JwtCredentials
-import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.bearerAuthHeader
+import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.jwtAuthHeader
 import sttp.model.StatusCode
 import sttp.tapir.*
 import sttp.tapir.json.zio.jsonBody
@@ -27,7 +27,7 @@ object DIDRegistrarEndpoints {
     .in("did-registrar" / "dids")
     .in(extractFromRequest[RequestContext](RequestContext.apply))
     .securityIn(apiKeyHeader)
-    .securityIn(bearerAuthHeader)
+    .securityIn(jwtAuthHeader)
 
   private val paginationInput: EndpointInput[PaginationInput] = EndpointInput.derived[PaginationInput]
 

diff --git a/.../service/server/src/main/scala/io/iohk/atala/connect/controller/ConnectionEndpoints.scala b/.../service/server/src/main/scala/io/iohk/atala/connect/controller/ConnectionEndpoints.scala
@@ -12,7 +12,7 @@ import io.iohk.atala.connect.controller.http.{
 import io.iohk.atala.iam.authentication.apikey.ApiKeyCredentials
 import io.iohk.atala.iam.authentication.apikey.ApiKeyEndpointSecurityLogic.apiKeyHeader
 import io.iohk.atala.iam.authentication.oidc.JwtCredentials
-import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.bearerAuthHeader
+import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.jwtAuthHeader
 import sttp.model.StatusCode
 import sttp.tapir.*
 import sttp.tapir.json.zio.jsonBody
@@ -32,7 +32,7 @@ object ConnectionEndpoints {
   ] =
     endpoint.post
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in("connections")
       .in(
@@ -62,7 +62,7 @@ object ConnectionEndpoints {
       : Endpoint[(ApiKeyCredentials, JwtCredentials), (RequestContext, UUID), ErrorResponse, Connection, Any] =
     endpoint.get
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "connections" / path[UUID]("connectionId").description(
@@ -85,7 +85,7 @@ object ConnectionEndpoints {
   ] =
     endpoint.get
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in("connections")
       .in(paginationInput)
@@ -106,7 +106,7 @@ object ConnectionEndpoints {
   ] =
     endpoint.post
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in("connection-invitations")
       .in(

diff --git a/...m-agent/service/server/src/main/scala/io/iohk/atala/event/controller/EventEndpoints.scala b/...m-agent/service/server/src/main/scala/io/iohk/atala/event/controller/EventEndpoints.scala
@@ -10,7 +10,7 @@ import io.iohk.atala.event.controller.http.WebhookNotificationPage
 import io.iohk.atala.iam.authentication.apikey.ApiKeyCredentials
 import io.iohk.atala.iam.authentication.apikey.ApiKeyEndpointSecurityLogic.apiKeyHeader
 import io.iohk.atala.iam.authentication.oidc.JwtCredentials
-import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.bearerAuthHeader
+import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.jwtAuthHeader
 import sttp.model.StatusCode
 import sttp.tapir.*
 import sttp.tapir.json.zio.jsonBody
@@ -23,7 +23,7 @@ object EventEndpoints {
     .tag("Events")
     .in("events")
     .securityIn(apiKeyHeader)
-    .securityIn(bearerAuthHeader)
+    .securityIn(jwtAuthHeader)
     .in(extractFromRequest[RequestContext](RequestContext.apply))
 
   val createWebhookNotification: Endpoint[

diff --git a/...ervice/server/src/main/scala/io/iohk/atala/iam/authentication/oidc/JwtSecurityLogic.scala b/...ervice/server/src/main/scala/io/iohk/atala/iam/authentication/oidc/JwtSecurityLogic.scala
@@ -5,7 +5,8 @@ import sttp.tapir.EndpointInput.AuthType.Http
 import sttp.tapir.ztapir.*
 
 object JwtSecurityLogic {
-  val bearerAuthHeader: Auth[JwtCredentials, Http] = auth
+  val jwtAuthHeader: Auth[JwtCredentials, Http] = auth
     .bearer[Option[String]]()
     .mapTo[JwtCredentials]
+    .securitySchemeName("jwtAuth")
 }
diff --git a/...m-agent/service/server/src/main/scala/io/iohk/atala/issue/controller/IssueEndpoints.scala b/...m-agent/service/server/src/main/scala/io/iohk/atala/issue/controller/IssueEndpoints.scala
@@ -6,7 +6,7 @@ import io.iohk.atala.api.http.{ErrorResponse, RequestContext}
 import io.iohk.atala.iam.authentication.apikey.ApiKeyCredentials
 import io.iohk.atala.iam.authentication.apikey.ApiKeyEndpointSecurityLogic.apiKeyHeader
 import io.iohk.atala.iam.authentication.oidc.JwtCredentials
-import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.bearerAuthHeader
+import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.jwtAuthHeader
 import io.iohk.atala.issue.controller.http.*
 import sttp.model.StatusCode
 import sttp.tapir.*
@@ -25,7 +25,7 @@ object IssueEndpoints {
   ] =
     endpoint.post
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in("issue-credentials" / "credential-offers")
       .in(jsonBody[CreateIssueCredentialRecordRequest].description("The credential offer object."))
@@ -46,7 +46,7 @@ object IssueEndpoints {
   ] =
     endpoint.get
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in("issue-credentials" / "records")
       .in(paginationInput)
@@ -67,7 +67,7 @@ object IssueEndpoints {
   ] =
     endpoint.get
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "issue-credentials" / "records" / path[String]("recordId").description(
@@ -90,7 +90,7 @@ object IssueEndpoints {
   ] =
     endpoint.post
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "issue-credentials" / "records" / path[String]("recordId").description(
@@ -115,7 +115,7 @@ object IssueEndpoints {
   ] =
     endpoint.post
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "issue-credentials" / "records" / path[String]("recordId").description(

diff --git a/...ala/io/iohk/atala/pollux/credentialdefinition/CredentialDefinitionRegistryEndpoints.scala b/...ala/io/iohk/atala/pollux/credentialdefinition/CredentialDefinitionRegistryEndpoints.scala
@@ -7,7 +7,7 @@ import io.iohk.atala.api.http.model.{Order, PaginationInput}
 import io.iohk.atala.iam.authentication.apikey.ApiKeyCredentials
 import io.iohk.atala.iam.authentication.apikey.ApiKeyEndpointSecurityLogic.apiKeyHeader
 import io.iohk.atala.iam.authentication.oidc.JwtCredentials
-import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.bearerAuthHeader
+import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.jwtAuthHeader
 import io.iohk.atala.pollux.credentialdefinition.http.{
   CredentialDefinitionInput,
   CredentialDefinitionResponse,
@@ -41,7 +41,7 @@ object CredentialDefinitionRegistryEndpoints {
   ] =
     endpoint.post
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in("credential-definition-registry" / "definitions")
       .in(
@@ -127,7 +127,7 @@ object CredentialDefinitionRegistryEndpoints {
   ] =
     endpoint.get
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "credential-definition-registry" / "definitions".description(

diff --git a/...server/src/main/scala/io/iohk/atala/pollux/credentialschema/SchemaRegistryEndpoints.scala b/...server/src/main/scala/io/iohk/atala/pollux/credentialschema/SchemaRegistryEndpoints.scala
@@ -7,7 +7,7 @@ import io.iohk.atala.api.http.model.{Order, PaginationInput}
 import io.iohk.atala.iam.authentication.apikey.ApiKeyCredentials
 import io.iohk.atala.iam.authentication.apikey.ApiKeyEndpointSecurityLogic.apiKeyHeader
 import io.iohk.atala.iam.authentication.oidc.JwtCredentials
-import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.bearerAuthHeader
+import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.jwtAuthHeader
 import io.iohk.atala.pollux.credentialschema.http.{
   CredentialSchemaInput,
   CredentialSchemaResponse,
@@ -41,7 +41,7 @@ object SchemaRegistryEndpoints {
   ] =
     endpoint.post
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in("schema-registry" / "schemas")
       .in(
@@ -76,7 +76,7 @@ object SchemaRegistryEndpoints {
   ] =
     endpoint.put
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "schema-registry" /
@@ -144,7 +144,7 @@ object SchemaRegistryEndpoints {
   ] =
     endpoint.get
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in("schema-registry" / "schemas".description("Lookup schemas by query"))
       .in(credentialSchemaFilterInput)
@@ -168,7 +168,7 @@ object SchemaRegistryEndpoints {
   ] =
     endpoint.get
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(
         "schema-registry" / "test"
           .description("Debug endpoint")

diff --git a/...er/src/main/scala/io/iohk/atala/pollux/credentialschema/VerificationPolicyEndpoints.scala b/...er/src/main/scala/io/iohk/atala/pollux/credentialschema/VerificationPolicyEndpoints.scala
@@ -7,7 +7,7 @@ import io.iohk.atala.api.http.model.{Order, PaginationInput}
 import io.iohk.atala.iam.authentication.apikey.ApiKeyCredentials
 import io.iohk.atala.iam.authentication.apikey.ApiKeyEndpointSecurityLogic.apiKeyHeader
 import io.iohk.atala.iam.authentication.oidc.JwtCredentials
-import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.bearerAuthHeader
+import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.jwtAuthHeader
 import io.iohk.atala.pollux.credentialschema.http.*
 import sttp.model.StatusCode
 import sttp.tapir.*
@@ -25,7 +25,7 @@ object VerificationPolicyEndpoints {
     Any
   ] = endpoint.post
     .securityIn(apiKeyHeader)
-    .securityIn(bearerAuthHeader)
+    .securityIn(jwtAuthHeader)
     .in(extractFromRequest[RequestContext](RequestContext.apply))
     .in("verification" / "policies")
     .in(
@@ -58,7 +58,7 @@ object VerificationPolicyEndpoints {
   ] =
     endpoint.put
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in("verification" / "policies" / path[UUID]("id"))
       .in(
@@ -90,7 +90,7 @@ object VerificationPolicyEndpoints {
   ] =
     endpoint.get
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "verification" / "policies" / path[UUID]("id")
@@ -114,7 +114,7 @@ object VerificationPolicyEndpoints {
   ] =
     endpoint.delete
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "verification" / "policies" / path[UUID]("id")
@@ -142,7 +142,7 @@ object VerificationPolicyEndpoints {
   ] =
     endpoint.get
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "verification" / "policies"

diff --git a/...e/server/src/main/scala/io/iohk/atala/presentproof/controller/PresentProofEndpoints.scala b/...e/server/src/main/scala/io/iohk/atala/presentproof/controller/PresentProofEndpoints.scala
@@ -6,7 +6,7 @@ import io.iohk.atala.api.http.{ErrorResponse, RequestContext}
 import io.iohk.atala.iam.authentication.apikey.ApiKeyCredentials
 import io.iohk.atala.iam.authentication.apikey.ApiKeyEndpointSecurityLogic.apiKeyHeader
 import io.iohk.atala.iam.authentication.oidc.JwtCredentials
-import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.bearerAuthHeader
+import io.iohk.atala.iam.authentication.oidc.JwtSecurityLogic.jwtAuthHeader
 import io.iohk.atala.presentproof.controller.http.*
 import sttp.model.StatusCode
 import sttp.tapir.*
@@ -31,7 +31,7 @@ object PresentProofEndpoints {
       .summary("As a Verifier, create a new proof presentation request and send it to the Prover.")
       .description("Holder presents proof derived from the verifiable credential to verifier.")
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in("present-proof" / "presentations")
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(jsonBody[RequestPresentationInput].description("The present proof creation request."))
@@ -56,7 +56,7 @@ object PresentProofEndpoints {
       .summary("Gets the list of proof presentation records.")
       .description("list of presentation statuses")
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in("present-proof" / "presentations")
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(paginationInput)
@@ -76,7 +76,7 @@ object PresentProofEndpoints {
       )
       .description("Returns an existing presentation record by id.")
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "present-proof" / "presentations" / path[UUID]("presentationId").description(
@@ -103,7 +103,7 @@ object PresentProofEndpoints {
       )
       .description("Accept or reject presentation of proof request.")
       .securityIn(apiKeyHeader)
-      .securityIn(bearerAuthHeader)
+      .securityIn(jwtAuthHeader)
       .in(extractFromRequest[RequestContext](RequestContext.apply))
       .in(
         "present-proof" / "presentations" / path[UUID]("presentationId").description(