Security Definitions in Swagger

[kush-jain]

For authenticating APIs, users need to add information in profiles, and addHeaders hook in ATLAS.

However, besides simple Token Auth/Cookie Auth, there may be other authentication mechanisms present such as OAuth.

Swagger can specify different security mechanisms, which we can try to provide limited support to.

For example, for OAuth mechanism, we could provide an automated system to get the token, and then refresh the token when it is expired.

This is a complicated ticket, and to pick this up, following needs to be defined beforehand:

• Security definitions which are going to be supported
  

• A base setup for the security interface
  

• A common interface for the users so they need to enter a minimal amount of information.
  

• If there are multiple security definitions, then we need to decide the priority order
  

• For each security definition, a new issue might be created if required