-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Optional Support for Rocket-Okapi in IntrospectedUser #559
Conversation
- Added a new struct `IntrospectionRocketConfig` for configuring OAuth token introspection from a Rocket.toml file.
Hello @NewtTheWolf, this is a very nice proposal. This helped me a lot as I needed an OpenApi spec for my API implemented with rocket using zitadel. While this allows the usage it seems to not work without problems. The other problem is that a typescript client generated from a spec made with this using the https://github.com/OpenAPITools/openapi-generator tool does not send the authorization header by default. I would also propose to implement the second method |
Hello @FrTerstappen,
My primary focus for my own project was to continue development without needing to create a
I haven't encountered this use case yet, but I will test it and try to reproduce the issue. If I can replicate it, I’ll work on a fix.
I hadn’t thought of that—great idea! Implementing additional status codes, like a 401 Unauthorized or a bad request when no authorization header is sent, definitely makes sense. My biggest challenge right now is understanding how to properly use the configuration that this client is intended for. This client is based on |
I’m considering adding two additional features, "rapidoc" and "swagger", to the project. The idea is that only one of these features would be active at a time:
Would this approach make sense, given the specific requirements for each tool? Any feedback or suggestions would be appreciated! |
I tested it today, and the login worked without any issues. You'll need to add the following to your [default]
authority = "https://auth.yourzitadel.de" Also, make sure to add the redirect URL to |
Just created GREsau/okapi#151 to ask for help regarding configuration access within the OpenApiFromRequest implementation in rocket_okapi. |
Thank you for your feedback. I will take a deeper look at your changes and test them on Monday. Now that you have confirmed that the login on the swagger docs should work I will invest some time to find out why it did not work for me.
I'm not sure I understand what you want to use the two proposes features for. Or do you want to adjust the schema for the login in the docs based on which is activated? I also do not know how to solve the problem of configuration. The current solution of specifying the authority in the Rocket.toml file works good enough for me. |
Thanks for your feedback, keep me updated!
The main difference (in docs) between OAuth2 and OIDC is that OIDC does not work in Rapidoc and vice versa. My idea is to allow activating the feature that best suits your preferred documentation. In case you configure both docs in your Rocket app, you wouldn't be able to have both activated in
I think it would also be a great idea to support a general function to configure the client, like with What do others think about this approach? |
Adjusting the redirect URL helped. Having features for the different authentication schemes or for the different viewer for the OpenAPI spec (swagger, rapidoc, ...) seems like good idea. I also tried your latest changes and while the additional response types show up I realized that you also specified a schema for the response.
Looking at the errors used by the guard it seem like many errors are possible.
I'm not sure if the best way is to add them all or to just specify a more generic version of the error, e.g. only The errors also do not reflect all status codes used by the guard. |
I’m glad to hear that adjusting the redirect URL helped! Regarding the error handling, I agree that generalizing the I was thinking of proposing adding a I’ll handle the additional features in a separate pull request. For now, my focus will be on Swagger users since that’s what I primarily use. |
It was actually changing the redirect URL in combination with adding a key to my app in zitadel. I think having a struct with I think focusing on swagger and doing everything else in a follow up PR sounds like a good idea to move forward. |
At the moment, this is the best solution we can achieve. I believe this pull request is ready for a final review. I will keep track of the Issue on okapi Everything else, like an error struct for doc generation, the generic 403 response, and Rapidoc, I would implement in separate pull requests. I'll change the status to "Ready for Review" after a quick check to make sure the code is clean. |
Hi @NewtTheWolf |
Draft: Add Optional Support for Rocket-Okapi in
IntrospectedUser
Overview
This pull request introduces the initial implementation of optional Rocket-Okapi support for the
IntrospectedUser
type within thezitadel-rust
project. The goal is to enable automated OpenAPI documentation generation for Rocket-based applications using this type.#558
Current Implementation
I have added preliminary code to integrate Rocket-Okapi, which is currently functional but still requires further review and enhancements. Here are the specific changes made:
rocket_okapi
as an optional dependency.OpenApiFromRequest
forIntrospectedUser
, including security scheme setups and default responses.Status
The current implementation works as intended, enabling the
IntrospectedUser
to be utilized within the OpenAPI framework provided by Rocket-Okapi. However, this is still a draft, and the implementation is open for review and suggestions on improvements.Next Steps
Invitation for Feedback
I am actively seeking feedback on the current implementation and suggestions on how we can further refine this feature. Any input on additional aspects to consider, potential issues, or improvements would be greatly appreciated.
Thank you for reviewing this draft pull request. I look forward to your suggestions and contributions to finalize this feature.