[REQ] [JAVA] [SPRING] add option to pass authorization token in a method parameter instead of interceptor

[adamslaski]

Problem

My service is written in Java Spring and I want to use open feign for rest clients. My service performs simultaneously multiple actions, each on behalf of a different principal. As of now an interceptor the only option to authorize requests, and it is cumbersome to use interceptor in my service, as the interceptor have no easy way of knowing what principal to use.

Solution

I would like to pass authorization in a method parameter instead of using interceptor. E.g.

    String somethingGet(@RequestHeader(value = "Authorization") String auth);

[Picazsoo]

I haven't checked manually, but you might be able to do this in OpenAPI Generator by modeling Authorization as an explicit header parameter on the operation.
That might cause the generated Spring/Feign method to accept auth per call (instead of relying only on a RequestInterceptor).

OpenAPI example of a header definition below:

openapi: 3.0.3
info:
  title: Per-call auth example
  version: 1.0.0

paths:
  /something:
    get:
      operationId: somethingGet
      parameters:
        - in: header
          name: Authorization
          required: true
          description: 'Bearer token, e.g. "Bearer <jwt>"'
          schema:
            type: string
      responses:
        '200':
          description: OK
          content:
            text/plain:
              schema:
                type: string

With Spring/Feign generation, this hopefully should produce a method parameter for that header - something like:

String somethingGet(@RequestHeader("Authorization") String authorization);

Please let me know whether this works or not...