Skip to content

Add additional HTTP authorization types#2

Open
mgritter wants to merge 5 commits into
mainfrom
mgritter/add_more_auth_types
Open

Add additional HTTP authorization types#2
mgritter wants to merge 5 commits into
mainfrom
mgritter/add_more_auth_types

Conversation

@mgritter

@mgritter mgritter commented Jul 9, 2021

Copy link
Copy Markdown
Contributor

This includes:

  • all registered types from IANA/IETF
  • a mechanism for marking proprietary headers as authorization
  • non-IANA types such as AWS and Microsoft (NTLM) that appear in the Authorization header

@mgritter mgritter requested review from liujed and thatplguy July 9, 2021 19:13
Comment on lines +169 to +172
// An application-specific authorization header, such as
// Github webhook's X-Hub-Signature-256 or X-Hub-Signature,
// *not* carried in "Authorization".
PROPRIETARY_HEADER = 11;

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think consumers of the IR currently assume that these authorization types are associated with the Authorization header. We'll need to weed out all the places that make this assumption.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The conversion to/from OpenAPI2/3 will need to be updated, as well as the translation of the IR -> frontend data structures. Maybe the visitors as well, @liujed? Seems doable though.

@liujed liujed Jul 9, 2021

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As I recall, parts of the GitHub comment generator will need to be updated too. Certainly doable; just need to be careful to examine all the places where we look at these values.

Comment on lines +169 to +172
// An application-specific authorization header, such as
// Github webhook's X-Hub-Signature-256 or X-Hub-Signature,
// *not* carried in "Authorization".
PROPRIETARY_HEADER = 11;

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The conversion to/from OpenAPI2/3 will need to be updated, as well as the translation of the IR -> frontend data structures. Maybe the visitors as well, @liujed? Seems doable though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants