1 // Copyright 2015 go-swagger maintainers
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
7 // http://www.apache.org/licenses/LICENSE-2.0
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
20 "github.com/go-openapi/jsonpointer"
21 "github.com/go-openapi/swag"
30 application = "application"
31 accessCode = "accessCode"
34 // BasicAuth creates a basic auth security scheme
35 func BasicAuth() *SecurityScheme {
36 return &SecurityScheme{SecuritySchemeProps: SecuritySchemeProps{Type: basic}}
39 // APIKeyAuth creates an api key auth security scheme
40 func APIKeyAuth(fieldName, valueSource string) *SecurityScheme {
41 return &SecurityScheme{SecuritySchemeProps: SecuritySchemeProps{Type: apiKey, Name: fieldName, In: valueSource}}
44 // OAuth2Implicit creates an implicit flow oauth2 security scheme
45 func OAuth2Implicit(authorizationURL string) *SecurityScheme {
46 return &SecurityScheme{SecuritySchemeProps: SecuritySchemeProps{
49 AuthorizationURL: authorizationURL,
53 // OAuth2Password creates a password flow oauth2 security scheme
54 func OAuth2Password(tokenURL string) *SecurityScheme {
55 return &SecurityScheme{SecuritySchemeProps: SecuritySchemeProps{
62 // OAuth2Application creates an application flow oauth2 security scheme
63 func OAuth2Application(tokenURL string) *SecurityScheme {
64 return &SecurityScheme{SecuritySchemeProps: SecuritySchemeProps{
71 // OAuth2AccessToken creates an access token flow oauth2 security scheme
72 func OAuth2AccessToken(authorizationURL, tokenURL string) *SecurityScheme {
73 return &SecurityScheme{SecuritySchemeProps: SecuritySchemeProps{
76 AuthorizationURL: authorizationURL,
81 // SecuritySchemeProps describes a swagger security scheme in the securityDefinitions section
82 type SecuritySchemeProps struct {
83 Description string `json:"description,omitempty"`
84 Type string `json:"type"`
85 Name string `json:"name,omitempty"` // api key
86 In string `json:"in,omitempty"` // api key
87 Flow string `json:"flow,omitempty"` // oauth2
88 AuthorizationURL string `json:"authorizationUrl,omitempty"` // oauth2
89 TokenURL string `json:"tokenUrl,omitempty"` // oauth2
90 Scopes map[string]string `json:"scopes,omitempty"` // oauth2
93 // AddScope adds a scope to this security scheme
94 func (s *SecuritySchemeProps) AddScope(scope, description string) {
96 s.Scopes = make(map[string]string)
98 s.Scopes[scope] = description
101 // SecurityScheme allows the definition of a security scheme that can be used by the operations.
102 // Supported schemes are basic authentication, an API key (either as a header or as a query parameter)
103 // and OAuth2's common flows (implicit, password, application and access code).
105 // For more information: http://goo.gl/8us55a#securitySchemeObject
106 type SecurityScheme struct {
111 // JSONLookup implements an interface to customize json pointer lookup
112 func (s SecurityScheme) JSONLookup(token string) (interface{}, error) {
113 if ex, ok := s.Extensions[token]; ok {
117 r, _, err := jsonpointer.GetForToken(s.SecuritySchemeProps, token)
121 // MarshalJSON marshal this to JSON
122 func (s SecurityScheme) MarshalJSON() ([]byte, error) {
123 b1, err := json.Marshal(s.SecuritySchemeProps)
127 b2, err := json.Marshal(s.VendorExtensible)
131 return swag.ConcatJSON(b1, b2), nil
134 // UnmarshalJSON marshal this from JSON
135 func (s *SecurityScheme) UnmarshalJSON(data []byte) error {
136 if err := json.Unmarshal(data, &s.SecuritySchemeProps); err != nil {
139 return json.Unmarshal(data, &s.VendorExtensible)