Show required OAuth scopes on each endpoint

The API I am documenting has a lot of scopes available. However, a single endpoint usually only requires one scope. Currently a padlock is displayed on each endpoint and clicking it opens the Available authorizations modal where all scopes the API has are displayed.

It would be great to know which individual scopes are required per endpoint.

I have checked my source swagger json and this information is there on a per endpoint basis. Here is a subset of my swagger json to show the relevant sections:

{
  "swagger": "2.0",
  "info": {
    "description": "Api Documentation",
    "version": "1.0",
    "title": "Api Documentation",
    "termsOfService": "urn:tos",
    "contact": {},
    "license": {
      "name": "Apache 2.0",
      "url": "http://www.apache.org/licenses/LICENSE-2.0"
    }
  },
  "paths": {
    "/v1/organisations/{id}": {
      "get": {
        "summary": "Get a single Organisation",
        "operationId": "getByIdUsingGET",
        "security": [
          {
            "Auth0": [
              "get:organisation"
            ]
          }
        ],
        "deprecated": false
      }
    }
  },
  "securityDefinitions": {
    "Auth0": {
      "type": "oauth2",
      "tokenUrl": "https://xxxxxxxxx/oauth/token",
      "flow": "application",
      "scopes": {
        "create:organisation": "Create an Organisation",
        "get:organisation": "Get a single Organisation",
        "list:organisation": "List Organisations",
        "update:organisation": "Update an Organisations",
        "delete:organisation": "Delete an Organisations"
      }
    }
  }
}

Issue Analytics

  • State: open
  • Created 5 years ago
  • Reactions: 61
  • Comments: 11 (1 by maintainers)

Top GitHub Comments

17 reactions
Akridian commented, Sep 10, 2020

Is there any chance of getting this functionality in the future?

15 reactions
lephuongbg commented, Dec 18, 2020

We came up with a plugin that does the job well enough for us:

// Remember to include React either through script tag in browser environment:
//     <script src="https://unpkg.com/react@15/dist/react.min.js"></script>
// or through import with webpack/babel:
//     import React from 'react'
const h = React.createElement
SwaggerUIBundle({
    // ...
    presets: [
        system => {
            // Variable to capture the security prop of OperationSummary
            // then pass it to authorizeOperationBtn
            let currentSecurity
            return {
                wrapComponents: {
                    // Wrap OperationSummary component to get its prop
                    OperationSummary: Original => props => {
                        const security = props.operationProps.get('security')
                        // Operations without a security requirement have no value here
                        currentSecurity = security ? security.toJS() : []
                        return h(Original, props)
                    },
                    // Wrap the padlock button to show the
                    // scopes required for current operation
                    authorizeOperationBtn: Original =>
                        function (props) {
                            return h('div', {}, [
                                ...(currentSecurity || []).map(scheme => {
                                    const schemeName = Object.keys(scheme)[0]
                                    if (!scheme[schemeName].length) return null

                                    const scopes = scheme[schemeName].flatMap(scope => [
                                        h('code', null, scope),
                                        ', ',
                                    ])
                                    scopes.pop()
                                    return h('span', null, [schemeName, '(', ...scopes, ')'])
                                }),
                                h(Original, props),
                            ])
                        },
                },
            }
        },
    ]
})
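
The per-endpoint information the issue refers to can also be read straight from the spec, which is useful for reviewing least-privilege scope assignments outside the UI. The following is an added example, not part of the original thread or of Swagger UI: it resolves each operation's effective `security` requirement in a Swagger 2.0 document, including the top-level fallback and the empty-array override, and flags scopes that `securityDefinitions` does not declare. The helper name `requiredScopes` and the sample spec are constructed for illustration.

```javascript
// Added example: resolve the OAuth scopes each operation requires in a
// Swagger 2.0 document. `requiredScopes` is a hypothetical helper name.
const METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch']

function requiredScopes(spec) {
    const defs = spec.securityDefinitions || {}
    const rows = []
    for (const [path, item] of Object.entries(spec.paths || {})) {
        for (const method of METHODS) {
            const op = item[method]
            if (!op) continue
            // Operation-level `security` overrides the top-level one;
            // an explicit empty array means the operation needs no credentials.
            const security = op.security !== undefined ? op.security : spec.security || []
            const undeclared = []
            // Each array entry is an alternative (OR); all schemes named
            // inside one entry must be satisfied together (AND).
            for (const req of security) {
                for (const [scheme, scopes] of Object.entries(req)) {
                    const def = defs[scheme]
                    if (!def) { undeclared.push(scheme); continue }
                    if (def.type !== 'oauth2') continue
                    for (const s of scopes) {
                        if (!(s in (def.scopes || {}))) undeclared.push(`${scheme}/${s}`)
                    }
                }
            }
            rows.push({ operation: `${method.toUpperCase()} ${path}`, alternatives: security, undeclared })
        }
    }
    return rows
}

// Constructed sample, modelled on the subset of the spec shown in the issue.
const sampleSpec = {
    swagger: '2.0',
    security: [{ Auth0: ['list:organisation'] }],
    paths: {
        '/v1/organisations/{id}': {
            get: { security: [{ Auth0: ['get:organisation'] }] },
            delete: { security: [{ Auth0: ['purge:organisation'] }] }, // scope not declared
        },
        '/v1/organisations': { get: {} },        // inherits top-level security
        '/v1/health': { get: { security: [] } }, // explicitly unauthenticated
    },
    securityDefinitions: { Auth0: { type: 'oauth2', flow: 'application',
        scopes: { 'get:organisation': '', 'list:organisation': '' } } },
}
for (const r of requiredScopes(sampleSpec)) console.log(r.operation, JSON.stringify(r.alternatives), r.undeclared)
```

Unlike the plugin above, which reads only the first scheme name of each requirement object, this walks every scheme in every alternative.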