Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Define clearly the meaning of the Http authentication #2672

Open
timotheeguerin opened this issue Nov 15, 2023 · 4 comments
Open

Define clearly the meaning of the Http authentication #2672

timotheeguerin opened this issue Nov 15, 2023 · 4 comments
Labels
breaking-change A change that might cause specs or code to break design:accepted Proposal for design has been discussed and accepted. feature New feature or request lib:http triaged:core
Milestone
Backlog

Comments

@timotheeguerin
Copy link
Member

Discussion opened on this pr #2639

Right now we have schema being an open value with some known ones(bearer and basic) It was previously assumed that the http authentication should format the header in this format <scheme> <value> but the spec says that bearer should be Bearer
The values we have are inline with openapi3 but we have never explicitly defined the meaning of the scheme.

Should it be a set of known values that emitters should understand or shoudl emitter just take the value as it is <scheme> <value>
@timotheeguerin timotheeguerin mentioned this issue Nov 15, 2023
Closed
@MaryGao MaryGao mentioned this issue Nov 16, 2023
Closed
@markcowl markcowl added the design:needed A design request has been raised that needs a proposal label Nov 20, 2023
@timotheeguerin
Copy link
Member Author

timotheeguerin commented Nov 22, 2023
edited
Loading

Proposal

Http Authentication is defined as an authentication that use the Authorization header using a scheme:

The scheme value is case insensitive, typespec provided models will use the cannonical name of the authentication scheme.
By default the scheme can be used to produce the Authorization header in this format:

Authorization: <scheme> <value>

Example:

Authorization: Basic  ZGVtbzpwQDU1dzByZA==

Authorization: Bearer eyzabcdefhijk

Authorization: CustomScheme abcdef

@markcowl
Copy link
Contributor

  • Will helper APIs provide a canonical name for each of the known authentication types (PascalCase), or will emitters do this?
    • Emitters will do this

@markcowl markcowl added the breaking-change A change that might cause specs or code to break label Jul 23, 2024
@markcowl markcowl added this to the [2024] September milestone Jul 23, 2024
@markcowl
Copy link
Contributor

est: 5

@markcowl markcowl added design:accepted Proposal for design has been discussed and accepted. lib:http feature New feature or request and removed design:needed A design request has been raised that needs a proposal labels Jul 23, 2024
@markcowl
Copy link
Contributor

markcowl commented Sep 4, 2024
edited
Loading

Describe the breaking change
Although values are case-insensitive, changes templates for built-in authentication to use canonical (Pascal) casing instead of lower case

Back-compat design to avoid immediate breaking
None: since the value is mandated to be case-insensitive, no mitigation should be needed.

Impact
This change affecting:

  • ARM
  • Data-plane
  • Existing specs: ~50
  • New specs
  • Emitters
  • SDK

Targeted Sprint
September

Additional information
This change was requested by DPG

@iscai-msft iscai-msft mentioned this issue Sep 16, 2024
Closed
@markcowl markcowl modified the milestones: [2024] October, Backlog Oct 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
breaking-change A change that might cause specs or code to break design:accepted Proposal for design has been discussed and accepted. feature New feature or request lib:http triaged:core
Projects
None yet
Milestone
Backlog
Development

No branches or pull requests
3 participants
@timotheeguerin @markcowl @johanste