Comments (2)
@ross96D you would do something like this:
router := chi.NewMux()
// TODO: add JWT middleware if desired.
config := huma.DefaultConfig("My API", "1.0.0")
config.Components.SecuritySchemes = map[string]*huma.SecurityScheme{
"bearer": {
Type: "oauth2",
Flows: &huma.OAuthFlows{
AuthorizationCode: &huma.OAuthFlow{
AuthorizationURL: "https://example.com/oauth/authorize",
TokenURL: "https://example.com/oauth/token",
Scopes: map[string]string{
"scope1": "Scope 1 description...",
"scope2": "Scope 2 description...",
},
},
},
},
}
api := humachi.New(router, config)
huma.Register(api, huma.Operation{
OperationID: "get-greeting",
Summary: "Get a greeting",
Method: http.MethodGet,
Path: "/greeting/{name}",
Security: []map[string][]string{
{"bearer": {"scope1"}},
},
}, func(ctx context.Context, input *GreetingInput) (*GreetingOutput, error) {
// TODO: operation implementation goes here
// TODO: check scopes if desired & depending on middleware
return nil, nil
})
Notes:
- Huma doesn't check the JWT itself. You can use Huma to document it in the OpenAPI, and then use some other middleware (e.g. https://github.com/go-chi/jwtauth) for the validation if your API gateway doesn't handle the authn/authz.
- First you define the security scheme with the auth information like the authorize/token URL. You can also define
ClientCredentials
there for machine-to-machine auth flows. - Next, whenever you register an operation you add the
Security
setting to map to the auth name and any scopes it needs (scopes can also be empty). If you don't need per-operation control over this you can also set the auth at the API config level inconfig.Security
and it'll apply to all operations.
You can also check out https://rest.sh/#/openapi?id=autoconfiguration which is available in Huma as a convenience you can set via config.Extensions["x-cli-config"] = huma.AutoConfig{ /* ... */ }
I'll try and add this to the How-To section of the docs site ASAP 😄
from huma.
Thank you for your answer. I read the documentation and didn't see about this, maybe is worth it to add some explanation about it.
Also I want to mention that when implementing this i found that the base router on huma where the routes gets added is the router you pass at the beginning. So is not compatible with the chi.Group api as it has no ways to interact with the embedded created router.
I made a custom fix for this on the chi adapter but maybe is worth considering a way to easily do this in huma..
Great work, thank you 👍
from huma.
Related Issues (20)
- Fiber adapter NewWithGroup should accept fiber.Router interface
- Getting "Example cannot be created for this schema" in stoplight Response Example section. HOT 4
- Parameters description added to incorrect level HOT 3
- Panic in OnAddOperation HOT 2
- How to add versioning to my API using huma? HOT 7
- Register routes functionality with middlewares HOT 3
- Api grouping bug - /openapi.yaml request from the docs page does not consider the groups HOT 2
- huma.NewError doesn't support error wrapping. HOT 3
- Support Discriminator and DiscriminatorMap HOT 2
- Setting headers in error response HOT 6
- Add more tests for cookie HOT 3
- Add custom header from SSE Handler HOT 3
- How should nullable query params be handled without pointers? HOT 4
- Add support for netip.Addr HOT 1
- Forwarding headers through the middleware not working HOT 5
- Override ErrorModel for single operations HOT 6
- Feature: Accept valueless path/query/header/cookie tags
- Docs UI doesn't handle multiple cookies properly HOT 1
- Allow custom Transform for nested objects HOT 2
- Error thrown when setting cli name HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from huma.