23 changes: 10 additions & 13 deletions fortytools.yaml
Expand Up @@ -17,8 +17,7 @@ security:
user: []
validuntil: []
signature: []
- ClientCredentials: []
BearerAuth: []
- bearerAuth: []
tags:
- name: Account
description: Accounts as in Accounting
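Review bot: operation-level `security` blocks elsewhere in fortytools.yaml may still name `BearerAuth` or `ClientCredentials`, which the replacement `- bearerAuth: []` entry in this top-level list no longer covers. Scheme names are case-sensitive keys, so a leftover reference would point at a scheme that is not defined under `components`. Suggest searching the file for both old names and running the spec through a linter before merging.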
Expand Down Expand Up @@ -1494,7 +1493,7 @@ paths:
tags:
- Oauth
description: |
Authenticate client ID and client secret to get access token
Get access token
Contributor

It's fine to keep the long line as it was if you want; redocly will display the whole line underneath the title anyway.

security: []
requestBody:
description: the client id and client secret that you get from ERP.
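Review bot: the shortened description `Get access token` no longer says which credentials this operation expects, and the requestBody description only says the client id and client secret come "from ERP" without saying where in the ERP they are issued. Because `security: []` exempts this operation from the global security requirement, the description is where a reader learns how it is protected. Suggest keeping the mention that the client ID and client secret are sent in the request body, and stating that the returned token is the one used for bearer authentication.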
Expand Down Expand Up @@ -3207,14 +3206,12 @@ components:
`sha2($client_user_api_token + ':' + $app_token + ':' + $validuntil)`
name: signature
in: query
ClientCredentials:
type: oauth2
description: look at Oauth documentation
flows:
clientCredentials:
tokenUrl: https://app.fortytools.com/api/v2/token/
scopes: {}
BearerAuth:
bearerAuth:
type: http
scheme: Bearer
description: get access token from oauth2
scheme: bearer
description: |
Contributor

I would suggest adding a general description somewhere (maybe here) of what the whole authentication flow looks like

  1. getting uid and secret from client settings in app.fortytools.com
  2. getting access token from ...
  3. use this access token in each API request as a header Authorization: Bearer .....

And by the way, in case the token expires, how would the client get a new token? Should they call the same endpoint with client_id and client_secret again? Please document this as well.

get access token from endpoint [token](#tag/Oauth/paths/~1token/post)

then add it to Authorization request header as follow:

`Authorization: Bearer <access token>`
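Review bot: removing the `ClientCredentials` `oauth2` scheme drops the only machine-readable `tokenUrl`, so the token endpoint is now discoverable only through the prose link in the new `bearerAuth` description, and `#tag/Oauth/paths/~1token/post` is a Redoc-style anchor that may not resolve in other renderers or in generated clients. Suggest either keeping the `clientCredentials` flow alongside `bearerAuth` or writing the token path out in the description text. Minor wording point in the same description: "as follow" should read "as follows".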