Details
Major Description
Currently the following is possible via the toolbox:
- Import API via the toolbox
- the OAS being imported is available via URL
- the current implementation of the toolbox does not allow to inject security beside the anonymous_policy
- currently 3scale tries to identify and configure the 3scale authentication settings by analyzing the security schema of the OpenAPI spec
- When there is no security schema in the oas 3scale falls back to the following:
- The product is considered as an "Open API"
- default_credentials 3scale policy will be added (also called as anonymous_policy)
- The command option --default-credentials-userkey is required and the command will fail if not provided
To allow a more flexible setting of the authentication requirements of the imported API
- it must be possible to skip this authentication auto discovery functionality when importing an OpenAPI spec with the toolbox
- For example there could be an option like --authentication-mode=[OIDC | ApiKey | AppIdKey ] to set the mode explicitly with the toolbox import
- In addition it must be possible to configure each of the three authentication modes in the command line options of the toolbox:
- ApiKey => API Key header field name, credentials location
- AppIdKey => App_ID header field name, App_key header field name, credentials location
- OIDC => Type, Issuer, Flow, JWT ClientId Claim Type and Name
- the provided authentication mode and configuration should be injected as a security scheme into the ActiveDoc OpenAPI spec so that it is as well available when the spec is being used for testing in 3scale