Security
Authentication and Authorization
If the specification includes an OAuth2 Security Definition compatible with the Zalando Greendale Team’s infrastructure, Connexion will automatically handle token validation and authorization for operations that have Security Requirements. One main difference between the usual OAuth flow and the one Connexion uses is that the API Security Definition must include an ‘x-tokenInfoUrl’ with the URL to use to validate the token and get the token information.
Connexion expects to receive the OAuth token in the Authorization header field in the format described in RFC 6750 section 2.1.
For authenticated endpoints, Connexion will add user and token_info properties to connexion.request, containing the user name and the full token info of the request.
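The flow described above, as an added example that is not Connexion's own code: it parses the Authorization header against the RFC 6750 section 2.1 grammar, looks the token up, checks the operation's required scopes, and returns the two values the page says end up on the request. The fetch_token_info callable stands in for the call to the x-tokenInfoUrl endpoint, and the "uid" and "scope" keys of its response are assumptions.

```python
import re

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
# b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
_BEARER = re.compile(r"Bearer +([A-Za-z0-9\-._~+/]+=*)")


class AuthError(Exception):
    """Carries the HTTP status a server would answer with."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def extract_bearer_token(authorization):
    """Return the token from an Authorization header value, or raise 401."""
    if not authorization:
        raise AuthError(401, "missing Authorization header")
    # fullmatch rejects trailing data such as a second token or a newline.
    match = _BEARER.fullmatch(authorization)
    if match is None:
        raise AuthError(401, "not a well-formed Bearer credential")
    return match.group(1)


def authorize(authorization, required_scopes, fetch_token_info):
    """Validate the token and check scopes; return (user, token_info).

    fetch_token_info (hypothetical) takes the token and returns a dict,
    or None for an unknown token. "uid" and "scope" are assumed keys.
    """
    token = extract_bearer_token(authorization)
    token_info = fetch_token_info(token)
    if token_info is None:
        raise AuthError(401, "token rejected by token info endpoint")
    granted = token_info.get("scope", [])
    if isinstance(granted, str):  # some services return a space-separated string
        granted = granted.split()
    missing = set(required_scopes) - set(granted)
    if missing:
        raise AuthError(403, "missing scopes: " + ", ".join(sorted(missing)))
    return token_info.get("uid"), token_info


# Constructed sample data standing in for the token info service.
SAMPLE_TOKENS = {"abc.DEF-123": {"uid": "jdoe", "scope": ["uid", "pets.read"]}}
```

A malformed or unknown credential maps to 401 and a valid token without the required scopes maps to 403, so callers can tell "not authenticated" from "not authorized".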