Make auth infer opt in #2460
Make auth infer opt in #2460
Conversation
| return securitySchemes; | ||
|
|
||
| // Default implementation, currently only supports JWT Bearer scheme | ||
| return authenticationSchemes |
There was a problem hiding this comment.
I realize that this commit removed the code that would've prevented the Bearer auth scheme from being generated if there was already one provided with options.SecuritySchemes. Perhaps we should add that back here?
There was a problem hiding this comment.
Combining the use of options.SecuritySchemes with the infer behaviour (either default or via SecuritySchemesSelector), with trumping rules etc, feels like a recipe for disaster. So, for this PR, I've simplified the approach so that you either set the security schemes explicitly (via options.SecuritySchemes) OR you "opt-in" to the infer behavior (via InferSecuritySchemes()). So, you can use one approach or the other not a combination of both.
There was a problem hiding this comment.
And of course, in both cases schema filters may be applied for any final tweaks
There was a problem hiding this comment.
Seems fair! I think the schema filters ordering is the most important bit here.
Will this be shipped in a patch or minor release?
There was a problem hiding this comment.
Will ship as a minor version release
Fixes #2459 by making the new functionality opt-in. Opt-in is invoked via config method
InferSecuritySchemes(), which also accepts an optionalFuncto apply custom mapping from authentication/authorization state in ASP.NET Core to Open API security schemes.