How to use OAuth2 with new version 3.0.2?

[jagdish-176]

I have migrated from swagger-tools to oas-tools@2.x.x and now trying to migrate from 2.x to 3.x

Previously with 2.x I have security handler as below where I could get token for verification
OAuth2 = async (req, def, scopes, next) =>{ /*validate token from req.Authorization */}

Now with 3.x, I'm unable to get token. I would appreciate quick help on this
OAuth2: (secDef, secScope) => { /* OAuth authentication */ } // How do we get token here?

[alesancor1]

Are you sure you are using the right type of Authentication?

OAuth2 doesn't require a token in the Authorization header, it uses other methods to get the token, like an authorization URL (which is defined in the secDef object). Check the OpenAPI documentation about OAuth2.

If you want to use a token in the Authorization header consider using HTTP basic or bearer authentication types. Also, check out the Authentication Middleware, which provides JWT implementation for bearer token.

[frogburger]

Actually you pass the access_ token to the API, this is the case for client credentials flows for example. So by just having the secdef and the scopes, makes the oauth2 security fairly useless... Systematically passing the req for the security handler will actually be extremely useful...