6

I'm trying to build the Swagger settings for SecurityDefinition in order to get the following result in openapi.json:

"securityDefinitions": {
  "password": {
    "type": "oauth2",
    "tokenUrl": "http://example.com/oauth/token",
    "flow": "password",
    "scopes": {
      "write": "allows modifying resources",
      "read": "allows reading resources"
    }
  }
},
"security": [{
  "password": ["read", "write"]
}]

In my settings.py I have addded the following swagger settings:

# Swagger settings
SWAGGER_SETTINGS = {
  "SECURITY_DEFINITIONS": {
    "password": {
        "type": "oauth2",
        "tokenUrl": "http://example.com/oauth/token",
        "flow": "password",
        "scopes": {
            "write": "allows modifying resources",
            "read": "allows reading resources"
        }
     }
  },
  "SECURITY": [{
    "password": ["read", "write"]
  }]
}

The issue is that in the openapi.json which generated by Swagger there is not the security dict and I have no clue how it is generated.

Below, presented the generated openapi.json:

{
   "info": {
       "title": "Example Service API",
       "version": ""
   },
   "host": "http://example.com",
   "swagger": "2.0",
   "securityDefinitions": {
       "password": {
           "type": "oauth2",
           "scopes": {
               "write": "allows modifying resources",
               "read": "allows reading resources"
           },
           "tokenUrl": "http://example.com/oauth/token",
           "flow": "password"
       }
   },
   "paths": {...}
}

Is there any better way to describe this concept in my Swagger settings? Or can you describe me which is the process and how it is working in order to generate the openapi.json file?

Dimitris Makris
  • 461
  • 5
  • 16

1 Answers1

4

When in doubt, check the code. You can see the definition of OpenAPIRenderer here:

class OpenAPIRenderer(BaseRenderer):
    media_type = 'application/openapi+json'
    charset = None
    format = 'openapi'

    def render(self, data, accepted_media_type=None, renderer_context=None):
        if renderer_context['response'].status_code != status.HTTP_200_OK:
            return JSONRenderer().render(data)
        extra = self.get_customizations()

        return OpenAPICodec().encode(data, extra=extra)

    def get_customizations(self):
        """
        Adds settings, overrides, etc. to the specification.
        """
        data = {}
        if swagger_settings.SECURITY_DEFINITIONS:
            data['securityDefinitions'] = swagger_settings.SECURITY_DEFINITIONS

        return data

So one way to do this is to subclass, for example:

class MyOpenAPIRenderer(OpenAPIRenderer):
    def get_customizations(self):
        data = super().get_customizations()

        # your customizations
        data["security"] = swagger_settings.SECURITY

        return data

Then you can use this renderer class for your view. Hope it helps!

Hieu Nguyen
  • 8,563
  • 2
  • 36
  • 43
  • Unfortunately this doesn't work, since the field SECURITY is not defined in defaults, and hence we cannot define swagger_settings.SECURITY. I think this should be updated in the library though. Issue on Github: https://github.com/marcgibbons/django-rest-swagger/issues/628 – physicalattraction Mar 29 '17 at 12:15
  • @physicalattraction Ah I see. Remember you are working with Django too and it has very flexible `settings` module, so you can solve above issue with: `from django.conf import settings` then replace the problematic line with: `data["security"] = settings.SWAGGER_SETTINGS["SECURITY"]` – Hieu Nguyen Mar 29 '17 at 17:50