Enable auth and bearer token validation. about protes HOT 2 CLOSED

The problem is that there are no securitySchemes defined in the (pro)TES specification, neither are they applied globally or to individual operations (see steps 1 and 2 here: https://swagger.io/docs/specification/authentication/)

Now, ideally we should be able to add these through the app config via FOCA. So, e.g., by specifying the following API configuration, we should get what we need:

api:
  specs:
    - path:
        - api/9e9c5aa.task_execution_service.openapi.yaml
        - api/additional_logs.yaml
      add_operation_fields:
        x-openapi-router-controller: ga4gh.tes.server
        security:
          - bearerAuth: []
      add_security_fields:
        bearerAuth:
          type: http
          scheme: bearer
          bearerFormat: JWT
          x-bearerInfoFunc: foca.security.auth.validate_token

However, we can currently only add fields to existing operations and security definitions. Therefore, add the security properties to each operation works well with the above example, but adding securitySchemes when there isn't already one defined, does not work with the current implementation in FOCA (link to code):

        if not spec.disable_auth and spec.add_security_fields is not None:
            for key, val in spec.add_security_fields.items():
                # OpenAPI 2
                sec_defs = spec_parsed.get('securityDefinitions', {})
                for sec_def in sec_defs.values():
                    sec_def[key] = val
                # OpenAPI 3
                sec_schemes = spec_parsed.get(
                    'components', {'securitySchemes': {}}
                ).get('securitySchemes', {})  # type: ignore
                for sec_scheme in sec_schemes.values():
                    sec_scheme[key] = val
            logger.debug(f"Added security fields: {spec.add_security_fields}")

Therefore, without changing the implementation in FOCA, we need to add an additional, partial OpenAPI file, e.g., api/security_schemes.yaml, with the following content:

components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

And then use the following FOCA API configuration:

api:
  specs:
    - path:
        - api/9e9c5aa.task_execution_service.openapi.yaml
        - api/additional_logs.yaml
        - api/security_schemes.yaml
      add_operation_fields:
        x-openapi-router-controller: ga4gh.tes.server
        security:
          - bearerAuth: []
      add_security_fields:
        x-bearerInfoFunc: foca.security.auth.validate_token

I suggest that we commit the api/security_schemes.yaml file and configuration changes to version control. I will raise a PR.

from protes.

Closed by #163

from protes.