CtrlK
BlogDocsLog inGet started
Tessl Logo

tessl/pypi-openapi3-parser

OpenAPI v3 parser that transforms specification documents into structured Python objects for programmatic access and manipulation

Pending
Overview
Eval results
Files

security-system.mddocs/

Security System

The security system provides comprehensive authentication and authorization scheme definitions for OpenAPI specifications. This includes API key authentication, HTTP authentication schemes, OAuth 2.0 flows, and OpenID Connect configurations with complete flow definitions and security requirements.

Capabilities

Security Scheme Definition

Defines security schemes that can be used to secure API operations.

@dataclass
class Security:
    type: SecurityType
    location: Optional[BaseLocation] = None
    description: Optional[str] = None
    name: Optional[str] = None
    scheme: Optional[AuthenticationScheme] = None
    bearer_format: Optional[str] = None
    flows: dict[OAuthFlowType, OAuthFlow] = field(default_factory=dict)
    url: Optional[str] = None
    extensions: Optional[dict] = field(default_factory=dict)

Properties:

  • type: Security scheme type (apiKey, http, oauth2, openIdConnect)
  • location: Parameter location for API key schemes (header, query, cookie)
  • description: Human-readable description of the security scheme
  • name: Parameter name for API key schemes
  • scheme: HTTP authentication scheme (basic, bearer, digest, etc.)
  • bearer_format: Hint about bearer token format (e.g., "JWT")
  • flows: OAuth 2.0 flow configurations by flow type
  • url: OpenID Connect discovery URL
  • extensions: Custom security scheme extensions

OAuth Flow Configuration

Defines OAuth 2.0 authorization flow configurations with URLs and scopes.

@dataclass
class OAuthFlow:
    refresh_url: Optional[str] = None
    authorization_url: Optional[str] = None
    token_url: Optional[str] = None
    scopes: dict[str, str] = field(default_factory=dict)
    extensions: Optional[dict] = field(default_factory=dict)

Properties:

  • refresh_url: URL for refreshing tokens
  • authorization_url: Authorization endpoint URL (for authorization code and implicit flows)
  • token_url: Token endpoint URL (for authorization code, password, and client credentials flows)
  • scopes: Available OAuth scopes mapped to their descriptions
  • extensions: Custom OAuth flow extensions

Usage Examples

Access security schemes:

from openapi_parser import parse
from openapi_parser.enumeration import SecurityType, AuthenticationScheme

spec = parse('api-spec.yml')

# List all security schemes
for name, security in spec.security_schemas.items():
    print(f"Security scheme: {name}")
    print(f"  Type: {security.type.value}")
    
    if security.type == SecurityType.API_KEY:
        print(f"  Parameter: {security.name} (in {security.location.value})")
    
    elif security.type == SecurityType.HTTP:
        print(f"  Scheme: {security.scheme.value}")
        if security.bearer_format:
            print(f"  Bearer format: {security.bearer_format}")
    
    elif security.type == SecurityType.OAUTH2:
        print(f"  OAuth flows:")
        for flow_type, flow in security.flows.items():
            print(f"    {flow_type.value}:")
            if flow.authorization_url:
                print(f"      Auth URL: {flow.authorization_url}")
            if flow.token_url:
                print(f"      Token URL: {flow.token_url}")
            if flow.scopes:
                print(f"      Scopes: {', '.join(flow.scopes.keys())}")
    
    elif security.type == SecurityType.OPEN_ID_CONNECT:
        print(f"  OpenID Connect URL: {security.url}")

Check operation security requirements:

# Examine security requirements for operations
for path in spec.paths:
    for operation in path.operations:
        if operation.security:
            print(f"{operation.method.value.upper()} {path.url}")
            
            for requirement in operation.security:
                for scheme_name, scopes in requirement.items():
                    if scopes:
                        print(f"  Requires {scheme_name} with scopes: {', '.join(scopes)}")
                    else:
                        print(f"  Requires {scheme_name}")

Working with OAuth flows:

# Find OAuth 2.0 security schemes and their flows
for name, security in spec.security_schemas.items():
    if security.type == SecurityType.OAUTH2:
        print(f"OAuth 2.0 scheme: {name}")
        
        for flow_type, flow in security.flows.items():
            print(f"  Flow: {flow_type.value}")
            
            # Show available scopes
            if flow.scopes:
                print(f"    Available scopes:")
                for scope, description in flow.scopes.items():
                    print(f"      {scope}: {description}")
            
            # Show flow URLs
            if flow.authorization_url:
                print(f"    Authorization URL: {flow.authorization_url}")
            if flow.token_url:
                print(f"    Token URL: {flow.token_url}")
            if flow.refresh_url:
                print(f"    Refresh URL: {flow.refresh_url}")

API key security examples:

# Find API key security schemes
for name, security in spec.security_schemas.items():
    if security.type == SecurityType.API_KEY:
        print(f"API Key scheme: {name}")
        print(f"  Parameter: {security.name}")
        print(f"  Location: {security.location.value}")
        
        if security.description:
            print(f"  Description: {security.description}")

HTTP authentication examples:

# Find HTTP authentication schemes
for name, security in spec.security_schemas.items():
    if security.type == SecurityType.HTTP:
        print(f"HTTP auth scheme: {name}")
        print(f"  Scheme: {security.scheme.value}")
        
        if security.scheme == AuthenticationScheme.BEARER and security.bearer_format:
            print(f"  Bearer format: {security.bearer_format}")
        
        if security.description:
            print(f"  Description: {security.description}")

Install with Tessl CLI

npx tessl i tessl/pypi-openapi3-parser

docs

core-parsing.md

index.md

operations-and-paths.md

schema-system.md

security-system.md

specification-structure.md

type-system-and-enums.md

tile.json