@disrupted disrupted commented Dec 1, 2025

close #162

BREAKING CHANGE: rewrite middleware as FastAPI dependency

Middleware is always a global handler on app-level. Authentication should use the dependency pattern which allows more granularity. Therefore the exclude parameter is no longer needed. FastAPI infers the security information for the OpenAPI schema from the SecurityScheme Model which is returned by the dependency.

Usage

```python
from typing import Annotated

from fastapi import APIRouter, FastAPI, Security

jwks_auth = JWKSAuth(jwks_validator=...)

# global: protect all endpoints
app = FastAPI(dependencies=[Security(jwks_auth)])

# specific API router
app.include_router(APIRouter(dependencies=[Security(jwks_auth)]))

# specific route
@app.get("/test")
def get_test_route(credentials: Annotated[JWKSAuthCredentials[FakeToken], Security(jwks_auth)]):
    ...
```

@disrupted disrupted self-assigned this Dec 1, 2025
@disrupted disrupted changed the title from "feat!: refactor as dependency and add security info to OpenAPI schema" to "refactor!: rewrite as dependency and add security info to OpenAPI schema" Dec 1, 2025
@disrupted disrupted marked this pull request as ready for review December 1, 2025 17:05

@sisp sisp left a comment

LGTM! Thanks for addressing #162 so promptly! 🙇

@disrupted disrupted merged commit fa5ea24 into main Dec 4, 2025
4 checks passed
@disrupted disrupted deleted the openapi-security branch December 4, 2025 17:11
Development

Successfully merging this pull request may close these issues.

Security information is missing in generated OpenAPI spec