Defining security schemes for your API

You can use Apiv2Security derive macro for structs which can then be used as handler parameters to have those handlers marked as requiring authorization.

use paperclip::actix::Apiv2Security;

#[derive(Apiv2Security)]
#[openapi(
  apiKey,
  in = "header",
  name = "Authorization",
  description = "Use format 'Bearer TOKEN'"
)]
pub struct AccessToken;

impl FromRequest for Accesstoken { /*...*/ }

#[api_v2_operation]
async fn my_handler(access_token: AccessToken) -> Result<String, MyError> {
    /*...*/
}

First parameter is the type of security, currently supported types are "apiKey" and "oauth2". Possible parameters are alias, description, name, in, flow, auth_url, token_url or parent.

Use alias parameter if you need to have two different security definitions of the same type.

If you need to define scopes for oauth2, use parent attribute:

#[derive(Apiv2Security, Deserialize)]
#[openapi(
  oauth2,
  auth_url = "http://example.com/",
  token_url = "http://example.com/token",
  flow = "password"
)]
struct OAuth2Access;

#[derive(Apiv2Security, Deserialize)]
#[openapi(parent = "OAuth2Access", scopes("pets.read", "pets.write"))]
struct PetScopeAccess;

Defining security

Defining security schemes for your API

results matching ""

No results matching ""