You are here

public function OpenApiGeneratorBase::getSecurityDefinitions in OpenAPI 8.2

Same name and namespace in other branches
  1. 8 src/Plugin/openapi/OpenApiGeneratorBase.php \Drupal\openapi\Plugin\openapi\OpenApiGeneratorBase::getSecurityDefinitions()

Get a list a valid security method definitions.

Returned schema should be similar to the below structure.

``` { "api_key": { "type": "apiKey", "name": "api_key", "in": "header" }, "petstore_auth": { "type": "oauth2", "authorizationUrl": "http://swagger.io/api/oauth/dialog", "flow": "implicit", "scopes": { "write:pets": "modify pets in your account", "read:pets": "read your pets" } } } ```

Return value

array Associative array of security definitions.

Overrides OpenApiGeneratorInterface::getSecurityDefinitions

2 calls to OpenApiGeneratorBase::getSecurityDefinitions()
OpenApiGeneratorBase::getSecurity in src/Plugin/openapi/OpenApiGeneratorBase.php
Returns a list of valid security types for the api.
OpenApiGeneratorBase::getSpecification in src/Plugin/openapi/OpenApiGeneratorBase.php
Generates OpenAPI specification.

File

src/Plugin/openapi/OpenApiGeneratorBase.php, line 248

Class

OpenApiGeneratorBase
Defines base class for OpenApi Generator plugins.

Namespace

Drupal\openapi\Plugin\openapi

Code

public function getSecurityDefinitions() {
  $base_url = $this->request
    ->getSchemeAndHttpHost() . '/' . $this->request
    ->getBasePath();
  $auth_providers = $this->authenticationCollector
    ->getSortedProviders();
  $security_definitions = [];
  foreach ($auth_providers as $provider => $info) {
    $def = NULL;
    switch ($provider) {
      case 'basic_auth':
        $def = [
          'type' => 'basic',
        ];
        break;
      case 'oauth2':
        $def = [
          'type' => 'oauth2',
          'description' => 'For more information see https://developers.getbase.com/docs/rest/articles/oauth2/requests',
          'flows' => [
            'password' => [
              'tokenUrl' => $base_url . 'oauth/token',
              'refreshUrl' => $base_url . 'oauth/token',
            ],
            'authorizationCode' => [
              'authorizationUrl' => $base_url . 'oauth/authorize',
              'tokenUrl' => $base_url . 'oauth/token',
              'refreshUrl' => $base_url . 'oauth/token',
            ],
            'implicit' => [
              'authorizationUrl' => $base_url . 'oauth/authorize',
              'refreshUrl' => $base_url . 'oauth/token',
            ],
            'clientCredentials' => [
              'tokenUrl' => $base_url . 'oauth/token',
              'refreshUrl' => $base_url . 'oauth/token',
            ],
          ],
        ];
        break;
      default:
        continue 2;
    }
    if ($def !== NULL) {
      $security_definitions[$provider] = $def;
    }
  }

  // Core's CSRF token doesn't have an auth provider.
  $security_definitions['csrf_token'] = [
    'type' => 'apiKey',
    'name' => 'X-CSRF-Token',
    'in' => 'header',
    'x-tokenUrl' => $base_url . 'user/token',
  ];
  return $security_definitions;
}