[FEATURE] Open API: named auth implementation #1710
Labels
Component: Hooks
Extensibility and customization
Core: Transport
Sending data to the tested app
Difficulty: Hard
Complex, needs deep understanding
Priority: Medium
Planned for regular releases
Specification: OpenAPI
Specific to OpenAPI
Type: Feature
New functionalities or enhancements
Problem
It could be tedious to use different auth types within the same Open API schemas in Schemathesis. Essentially it means duplicating the filtering logic inside the auth implementation itself (filters will simplify it though).
Solution
Add a method that makes Schemathesis use certain auth mechanisms based on their name & type.
Schema:
Then it could be something like:
I.e. some specifically typed methods that will automatically add proper impl under the hood.
Alternative, a simpler interface, but typing would be harder to specify (+ some validation would be needed):
Also, overriding some values would be nice for testing purposes - e.g. specify a different
refreshUrl
for testing purposes.Probably Schemathesis can't support all security schemes, especially ones with device auth codes, but username / password or token-like should be a good starting point.
Implementation notes
schema.auth
, but sinceAuthStorage
is spec-agnostic we might need to subclass it in order to add some setup-time validation for inputsThe text was updated successfully, but these errors were encountered: