feat: API key and HTTP basic authentication support #24

Open
halotukozak wants to merge 26 commits into master from feat/security-schemes
halotukozak (Member) commented Mar 23, 2026

Summary

  • Add SecurityScheme sealed interface model (Bearer, ApiKey with header/query, Basic)
  • Extend SpecParser to extract securitySchemes from OpenAPI spec and resolve global security references
  • Dynamic applyAuth() generation in ApiClientBaseGenerator — conditional logic per scheme type
  • Security-aware constructor params in ClientGenerator — backward-compatible (token for single Bearer)
  • Wire spec files through JustworksSharedTypesTask for end-to-end security scheme generation
  • Lightweight SpecParser.parseSecuritySchemes() method for shared types task — avoids full spec re-parse

Test plan

  • SpecParserSecurityTest — 8 tests for scheme extraction (bearer, apiKey header/query, basic, filtering)
  • ApiClientBaseGeneratorTest — 24 tests including dynamic applyAuth for all scheme types
  • ClientGeneratorTest — 28 tests including security-aware constructors
  • JustworksPluginFunctionalTest — 2 functional tests for on-disk ApiClientBase with security
  • Backward compatibility: specs without security produce unchanged output

🤖 Generated with Claude Code

Copilot AI review requested due to automatic review settings March 23, 2026 10:42
Copilot AI (Contributor) left a comment

Pull request overview

Adds first-class OpenAPI security scheme support (API key + HTTP Basic, alongside Bearer/backward-compat) to the parsing and codegen pipeline, and wires Gradle plugin shared-type generation to reflect spec-defined authentication.

Changes:

  • Introduces SecurityScheme / ApiKeyLocation in the core model and parses global securitySchemes + security usage from OpenAPI.
  • Generates auth-aware ApiClientBase.applyAuth() and security-aware client constructors (with backward-compat behavior for legacy Bearer-only usage).
  • Updates Gradle plugin to feed spec files into shared type generation; adds extensive unit + functional tests.

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| plugin/src/main/kotlin/com/avsystem/justworks/gradle/JustworksSharedTypesTask.kt | Adds specFiles input and parses specs to drive shared ApiClientBase auth generation. |
| plugin/src/main/kotlin/com/avsystem/justworks/gradle/JustworksPlugin.kt | Wires each spec into the shared types task for security scheme extraction. |
| plugin/src/functionalTest/kotlin/com/avsystem/justworks/gradle/JustworksPluginFunctionalTest.kt | Functional coverage for security-aware vs backward-compatible ApiClientBase. |
| core/src/test/resources/security-schemes-spec.yaml | Fixture spec covering Bearer/apiKey/header+query/basic. |
| core/src/test/kotlin/com/avsystem/justworks/core/parser/SpecParserSecurityTest.kt | Unit tests for security scheme extraction/filtering. |
| core/src/test/kotlin/com/avsystem/justworks/core/gen/ClientGeneratorTest.kt | Constructor generation tests for various security scheme sets. |
| core/src/test/kotlin/com/avsystem/justworks/core/gen/ApiClientBaseGeneratorTest.kt | Tests for generated constructor params and applyAuth() body per scheme. |
| core/src/main/kotlin/com/avsystem/justworks/core/parser/SpecParser.kt | Extracts referenced security schemes from components + global security requirements. |
| core/src/main/kotlin/com/avsystem/justworks/core/model/ApiSpec.kt | Adds SecurityScheme model and ApiSpec.securitySchemes. |
| core/src/main/kotlin/com/avsystem/justworks/core/gen/Names.kt | Adds BASE64_CLASS for Basic auth generation. |
| core/src/main/kotlin/com/avsystem/justworks/core/gen/CodeGenerator.kt | Passes security schemes into shared-type generation. |
| core/src/main/kotlin/com/avsystem/justworks/core/gen/ClientGenerator.kt | Generates security-aware constructors and super-calls. |
| core/src/main/kotlin/com/avsystem/justworks/core/gen/ApiClientBaseGenerator.kt | Generates scheme-dependent auth params + dynamic applyAuth() implementation. |


github-actions bot commented Mar 24, 2026

Coverage Report

Overall Project 96.14% -0.13% 🍏
Files changed 98.67% 🍏

| File | Coverage |
| --- | --- |
| Names.kt | 100% 🍏 |
| ArrowHelpers.kt | 100% 🍏 |
| ApiSpec.kt | 100% 🍏 |
| AuthParam.kt | 100% 🍏 |
| ApiClientBaseGenerator.kt | 100% 🍏 |
| ClientGenerator.kt | 99.78% 🍏 |
| Hierarchy.kt | 99.08% 🍏 |
| NameUtils.kt | 97.95% -0.58% 🍏 |
| SpecParser.kt | 94.07% -0.47% 🍏 |
| ApiResponseGenerator.kt | 92.99% 🍏 |
| Issue.kt | 90% 🍏 |
| CodeGenerator.kt | 86.15% 🍏 |

…tion

Parse security schemes (Bearer, Basic, ApiKey) from OpenAPI specs and
generate auth-aware ApiClientBase with corresponding constructor parameters
and header/query injection. Wire spec files into JustworksSharedTypesTask
for security scheme extraction.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@halotukozak halotukozak force-pushed the feat/security-schemes branch from 0c0cb14 to 2cd275d Compare March 25, 2026 11:39
# Conflicts:
#	core/src/main/kotlin/com/avsystem/justworks/core/gen/ClientGenerator.kt
#	core/src/main/kotlin/com/avsystem/justworks/core/gen/CodeGenerator.kt
#	core/src/main/kotlin/com/avsystem/justworks/core/gen/shared/ApiClientBaseGenerator.kt
#	core/src/test/kotlin/com/avsystem/justworks/core/gen/ApiClientBaseGeneratorTest.kt
#	core/src/test/kotlin/com/avsystem/justworks/core/gen/ClientGeneratorTest.kt
Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 17 out of 17 changed files in this pull request and generated 6 comments.



halotukozak and others added 6 commits April 2, 2026 13:47
…d replace `warn` with `accumulate`

- Replace mutable property list with direct property creation in `classBuilder`.
- Remove redundant `warn` function and centralize warning handling using `accumulate`.
- Update context receiver parameter names in `ArrowHelpers` for clarity.
- Enforce non-null checks and ensure consistent warning accumulation in `SpecParser`.
…syntax

- Move `primaryConstructor` invocation back to `classBuilder`.
- Adjust context receiver parameter syntax for improved consistency and readability.
- Ensure `securitySchemes` are deduplicated by name in `CodeGenerator`.
…ng security schemes

- Delete unused `no securitySchemes` test in `ClientGeneratorTest`.
- Add warning for conflicting security scheme types in `JustworksSharedTypesTask`.
…cheme extraction

Deduplicate SpecParser by extracting loadOpenApi() and parseSpec() helpers.
Add parseSecuritySchemes() for lightweight extraction without full schema
resolution. Make ParseResult generic to support both ApiSpec and
List<SecurityScheme> results. Update JustworksSharedTypesTask to use the
lightweight method, avoiding double full-parse of spec files.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@halotukozak halotukozak requested a review from mzielu April 2, 2026 16:07
@halotukozak halotukozak added this to the 0.0.2 milestone Apr 2, 2026
@halotukozak halotukozak requested review from MattK97 and removed request for mzielu April 7, 2026 12:20
# Conflicts:
#	core/src/main/kotlin/com/avsystem/justworks/core/gen/client/ClientGenerator.kt
# Conflicts:
#	core/src/main/kotlin/com/avsystem/justworks/core/gen/client/ClientGenerator.kt
…neration

- Generate authentication handling for security schemes (Bearer, Basic, API Key).
- Document security scheme support and configuration in README.
- Refactor `ApiResponseGenerator` to include security scheme logic.
- Update tests to validate security scheme handling.
…ArrowHelpers` and update `SpecParser` usage
…h parameter generation

- Move `AuthParam` logic to a dedicated file.
- Simplify `buildAuthConstructorParams` and authentication handling in `ApiClientBaseGenerator`.
…ation and client base generator

- Update `ApiClientBaseGenerator` to remove explicit dependencies on `SecurityScheme`.
- Simplify `JustworksSharedTypesTask` by removing security schemes extraction.
- Streamline `CodeGenerator` and `ClientGenerator` to simplify API client construction and shared type generation.
- Update tests to match new design.
halotukozak and others added 7 commits April 9, 2026 15:41
…ze identifier generation

specTitle is a generation concern, not a property of the scheme itself.
Move it to ClientGenerator where the spec context is available, keeping
SecurityScheme a pure domain model. Also strip non-alphanumeric chars in
toPascalCase so free-text titles like "Payments API (v2)" produce valid
Kotlin identifiers.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ation tests

- Update security schemes docs to reflect specTitle scoping and
  per-client applyAuth() override (not in ApiClientBase)
- Remove unused SpecParser.parseSecuritySchemes() method
- Add toPascalCase tests for special character stripping
- Cache paramNames() call in query scheme loop

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ulate helper

- Explicit Charsets.UTF_8 in generated Basic auth toByteArray() per RFC 7617
- Add applyAuth body assertions for all 4 scheme types in ClientGeneratorTest
- Add accumulate() Unit helper for side-effect-only warning accumulation
- Pre-compute paramNames() once in buildApplyAuth instead of per-loop

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
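
The per-scheme credential injection described in the PR summary, together with the explicit UTF-8 encoding for Basic auth from the commit above, sketched as an added example; this is not the project's generated code. The `Request` class, the model shapes, and `basicCredentials` are hypothetical names, and the credential values are constructed.

```kotlin
import java.util.Base64

// Hypothetical model of the scheme kinds named in this PR; not the project's own classes.
enum class ApiKeyLocation { HEADER, QUERY }

sealed interface SecurityScheme {
    class Bearer(val token: () -> String) : SecurityScheme
    class ApiKey(val name: String, val location: ApiKeyLocation, val key: () -> String) : SecurityScheme
    class Basic(val username: () -> String, val password: () -> String) : SecurityScheme
}

// Minimal stand-in for an HTTP request builder (assumption: the real client type is not shown).
class Request {
    val headers = linkedMapOf<String, String>()
    val query = linkedMapOf<String, String>()
}

fun basicCredentials(user: String, password: String): String {
    // RFC 7617: the first ':' separates user-id from password, so the user-id cannot contain one.
    require(':' !in user) { "Basic auth user-id must not contain ':'" }
    require((user + password).none { it.isISOControl() }) { "control characters are not allowed" }
    // Explicit UTF-8 keeps the encoded bytes independent of the platform default charset.
    val raw = "$user:$password".toByteArray(Charsets.UTF_8)
    return "Basic " + Base64.getEncoder().encodeToString(raw)
}

fun applyAuth(request: Request, schemes: List<SecurityScheme>) {
    for (scheme in schemes) {
        when (scheme) {
            is SecurityScheme.Bearer -> request.headers["Authorization"] = "Bearer ${scheme.token()}"
            is SecurityScheme.Basic ->
                request.headers["Authorization"] = basicCredentials(scheme.username(), scheme.password())
            is SecurityScheme.ApiKey -> when (scheme.location) {
                ApiKeyLocation.HEADER -> request.headers[scheme.name] = scheme.key()
                // Query-string keys become part of the URL, so they can surface in access logs.
                ApiKeyLocation.QUERY -> request.query[scheme.name] = scheme.key()
            }
        }
    }
}

fun main() {
    val request = Request()
    applyAuth(request, listOf(
        SecurityScheme.ApiKey("X-API-Key", ApiKeyLocation.HEADER) { "constructed-key" },
        SecurityScheme.Basic({ "Aladdin" }, { "open sesame" }),
    ))
    println(request.headers)
}
```

Credentials are passed as lambdas so each request reads the current value, which lets rotated secrets take effect without rebuilding the client.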
…scheme handling in `ClientGenerator`

- Introduce `AuthParam` sealed interface to represent auth parameters.
- Update `ClientGenerator` to use `toAuthParam`, simplifying authentication handling.
- Refactor header and query parameter generation to leverage `AuthParam` types instead of raw strings.
…nerator` security scheme handling

- Separate `toAuthParam` methods for each security scheme type, improving readability.
- Refactor header and query param logic to directly use security schemes without intermediate mappings.
- Rename `schemaModelsScope` to `memoScope` for clarity in `Hierarchy` logic.
…naming and formatting

- Rename `Bearer` suffix to `Token` for improved clarity.
- Simplify `ApiKey` constructor by removing redundant suffix.
Copilot AI (Contributor) left a comment

Pull request overview

Copilot reviewed 30 out of 30 changed files in this pull request and generated 15 comments.



@halotukozak halotukozak changed the base branch from master to feat/typed-error-responses April 9, 2026 15:23
@halotukozak halotukozak changed the base branch from feat/typed-error-responses to master April 9, 2026 15:23
@halotukozak halotukozak requested a review from MattK97 April 9, 2026 15:24
…rt global token param and Bearer auth inheritance

- Add `token` lambda as a constructor parameter in `ApiClientBase`.
- Update `applyAuth` to include Bearer token logic in `ApiClientBase`.
- Simplify client-specific `applyAuth` for single Bearer scheme to rely on base class.
- Refactor `ClientGenerator` to handle token inheritance for shared authentication logic.
…` for per-client auth logic

- Remove `token` lambda from `ApiClientBase` constructor and its associated Bearer auth handling.
- Refactor `applyAuth` to be a no-op in `ApiClientBase`, leaving auth implementation to per-client overrides.
- Update `ClientGenerator` to support per-client authentication setup.
- Modify tests to align with the new per-client authentication model.
- Add handling for warnings regarding undefined schemes and unsupported types (Digest and OAuth2).
- Expand `SpecParserSecurityTest` with new test cases for excluded and unreferenced schemes.
- Update `security-schemes-spec.yaml` to include new scheme entries for testing.