Small connexion extension to add authentication into spec routes
Project description
Connexion Auth Paths Extended
In the connexion framework, it is possible to use a parameter called auth_all_paths (in FlaskApp and AioHttpApp), which its documentation (link) defines as:
:param auth_all_paths: whether to authenticate not defined paths
:type auth_all_paths: bool
And it can be used this way, during app initialization:
from connexion import FlaskApp  # or AioHttpApp

connexion_app = FlaskApp(
    __name__,
    specification_dir='swagger/',
    auth_all_paths=True
)
However, the only route this adds to authentication is the 404 error route (link); there are other routes that should also be covered:
/openapi.json
/openapi.yaml
openapi_spec_path
The idea of this extension is to apply the default authentication on these routes, without changing the behavior of anything else.
Why?
This was once a requirement from the security team in an internal project. API documentation gives the outside world, attackers included, very detailed technical information, sometimes including email addresses, internal application URLs, the API's structure, and more. Think of the specification as a map: it helps them look for vulnerabilities and identify targets.
What about the SwaggerUI (/ui/) route?
This is not necessary: it does not make much sense to ask for an auth/token on a page that will be accessed by the browser. If some kind of authentication is required, it must be provided in order to consume the routes through the interface.
Installation
Install with pip:
pip install connexion-auth-paths-extd
or
pip install connexion-auth-paths-extd[aiohttp]
Usage/Examples
from connexion.extended.auth_paths_extd import FlaskApp  # or AioHttpApp

connexion_app = FlaskApp(
    __name__,
    specification_dir='swagger/',
    auth_all_paths=True
)
This is almost the same; only the module the FlaskApp class is imported from changes. The auth_paths_extd.FlaskApp object works exactly like connexion.FlaskApp, with the same methods, attributes and initialization. No extra parameters are needed, just pass auth_all_paths as True.
No dependencies are required beyond connexion itself.
A fuller example is in the examples folder.
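A regression check for the behaviour described above, as an added example that is not part of this project's code: it calls a WSGI application in-process with no credentials and lists the spec routes that still answer with a 2xx status. The helper names, the demo application and the demo-token value are constructed for illustration; only /openapi.json and /openapi.yaml come from this page.

```python
from wsgiref.util import setup_testing_defaults

# Spec routes named on this page; extend with your own openapi_spec_path value.
SPEC_PATHS = ("/openapi.json", "/openapi.yaml")


def call_wsgi(app, path, headers=None):
    """Call a WSGI app in-process and return the integer status code."""
    environ = {"PATH_INFO": path, "SCRIPT_NAME": "", "REQUEST_METHOD": "GET"}
    setup_testing_defaults(environ)
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = {}
    def start_response(status, response_headers, exc_info=None):
        seen["status"] = int(status.split()[0])

    body = app(environ, start_response)
    try:
        for _ in body:  # drain the iterable as a WSGI server would
            pass
    finally:
        if hasattr(body, "close"):
            body.close()
    return seen["status"]


def exposed_spec_paths(app, paths=SPEC_PATHS):
    """Return the spec paths that answer 2xx to a request with no credentials."""
    return [p for p in paths if 200 <= call_wsgi(app, p) < 300]


def make_demo_app(protect_spec):
    """Constructed stand-in for an API: serves a spec, optionally behind a token."""
    def app(environ, start_response):
        is_spec = environ["PATH_INFO"] in SPEC_PATHS
        authed = environ.get("HTTP_AUTHORIZATION") == "Bearer demo-token"
        if is_spec and protect_spec and not authed:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"unauthorized"]
        if is_spec:
            start_response("200 OK", [("Content-Type", "application/json")])
            return [b'{"openapi": "3.0.0"}']
        start_response("404 Not Found", [("Content-Type", "text/plain")])
        return [b"not found"]
    return app


if __name__ == "__main__":
    print(exposed_spec_paths(make_demo_app(False)), exposed_spec_paths(make_demo_app(True)))
```

An empty list means every listed spec route refused the unauthenticated request; the same function accepts any WSGI callable, so it can run in a test suite against your own application object.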
Download files
File details
Details for the file connexion_auth_paths_extd-0.0.6.tar.gz.
File metadata
- Download URL: connexion_auth_paths_extd-0.0.6.tar.gz
- Upload date:
- Size: 6.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/34.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.9 tqdm/4.63.1 importlib-metadata/4.11.3 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.8.12
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 319b84ca773c05d5ae9a296172d92004b4f4bf1c1fc7c9893d742cc927d7aa03 |
MD5 | 2aef19b2e311fdaad09cdb18da63614b |
BLAKE2b-256 | 46bc1117fdf18be8cf5f7bad036edd0fa457fd9285e352d19d96e49b2c03c895 |
File details
Details for the file connexion_auth_paths_extd-0.0.6-py3-none-any.whl.
File metadata
- Download URL: connexion_auth_paths_extd-0.0.6-py3-none-any.whl
- Upload date:
- Size: 6.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.8.0 pkginfo/1.8.2 readme-renderer/34.0 requests/2.27.1 requests-toolbelt/0.9.1 urllib3/1.26.9 tqdm/4.63.1 importlib-metadata/4.11.3 keyring/23.5.0 rfc3986/2.0.0 colorama/0.4.4 CPython/3.8.12
File hashes
Algorithm | Hash digest | |
---|---|---|
SHA256 | 706b262fb38245dcfe40719c6fa2b8d38526a2782cbd9b66bd63a35199385179 |
MD5 | b2829504ebb1f266dd56ce28309b8bf9 |
BLAKE2b-256 | 74e64e4990eb227a990b558efc3f41f0d549cda938c0fee6f7a000c24b03a4a8 |