How to use custom authorization


#1

Hello.
I would like to use a custom header (X-Auth-Token) to authorize the user. How can I do that?

Even when I create a new securityScheme, in the try-it tool I can only select Anonymous (BTW, how do I disable that?) or my custom header, but there is still no way for the user to give the token value.

Best regards,
Paweł Borecki.


#2

Hi Pawel, here is an example of an OAuth2 security schema definition that may help you:

#%RAML 0.8
title: Rate Finder API
baseUri: http://localhost:8081/api
securedBy: [oauth_2_0]
documentation:
  - title: Rate API
    content: |
      This API allows you to find products and their associated costs.
securitySchemes:
    - oauth_2_0:
        type: OAuth 2.0
        describedBy:
            queryParameters:
                access_token:
                    description: |
                       Used to send a valid OAuth 2 access token. Do not use together with 
                       the "Authorization" header
                    type: string                    
            responses:
                401:
                    description: |
                        Bad or expired token. This can happen if the user or Dropbox
                        revoked or expired an access token. To fix, you should re-
                        authenticate the user.
                403:
                    description: |
                        Bad OAuth request (wrong consumer key, bad nonce, expired
                        timestamp...). Unfortunately, re-authenticating the user won't help here.
        settings:
          authorizationUri: http://localhost:8084/authorize
          accessTokenUri: http://localhost:8084/access-token
          authorizationGrants: [ token ]
/rate:
  get: 
    securedBy: [oauth_2_0]
    description: Retrieve products.

#3

I can find a recent example with RAML 1.0 with OAuth 2.0 here: http://forums.raml.org/t/custom-security-scheme-not-showing-up/1469
Hope that helps 🙂
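
For the custom-header case asked about in #1, here is an added example that was not posted by anyone in this thread: a RAML 0.8 custom (`x-` prefixed) security scheme that declares the `X-Auth-Token` header under `describedBy`. The scheme name `x_auth_token`, the type string `x-custom` and the descriptions are assumptions chosen for illustration; the title, base URI and `/rate` resource are reused from the example in #2.

```yaml
#%RAML 0.8
title: Rate Finder API
baseUri: http://localhost:8081/api

securitySchemes:
    # Scheme name is an assumption for this example.
    - x_auth_token:
        description: |
            Token-based authorization. The client sends its token in the
            X-Auth-Token request header on every call.
        # RAML 0.8 allows custom scheme types as long as they start with "x-".
        type: x-custom
        describedBy:
            # Declaring the token as a header (rather than a query parameter)
            # keeps it out of URLs, and therefore out of access logs,
            # browser history and Referer headers.
            headers:
                X-Auth-Token:
                    description: Token issued to the caller after login.
                    type: string
                    required: true
            responses:
                401:
                    description: |
                        Missing, malformed or expired token. Re-authenticate
                        to obtain a new token.
                403:
                    description: |
                        The token is valid but does not grant access to
                        this resource.

# Applied API-wide. RAML treats a "null" entry in securedBy as "may be called
# without any security scheme"; it is deliberately not listed here, so the
# definition does not declare unauthenticated access.
securedBy: [x_auth_token]

/rate:
    get:
        # Repeats the root-level default so the requirement is explicit
        # on the method itself.
        securedBy: [x_auth_token]
        description: Retrieve products.
```

The RAML file only documents the requirement; the server behind the API still has to validate `X-Auth-Token` on every request.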