Authentication and Authorization
If the specification includes an OAuth2 Security Definition compatible with the
Zalando Greendale Team's infrastructure, Connexion will automatically handle token validation and authorization for
operations that have Security Requirements. One main difference between the usual
OAuth flow and the one Connexion uses is that the API Security Definition must include an 'x-tokenInfoUrl' field with the
URL used to validate the token and retrieve its information.

Connexion expects to receive the OAuth token in the
Authorization header field, in the format described in
RFC 6750 section 2.1.
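
The check described above, sketched as an added example (not Connexion's own code): the header is parsed against the RFC 6750 section 2.1 grammar, the token is resolved through a lookup, and the operation's required scopes are compared with the granted ones. The function names, the `AuthError` class and the shape of the token info response (a dict with a `scope` list) are assumptions; `sample_lookup` stands in for the HTTP call to the 'x-tokenInfoUrl'.

```python
import re

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
# b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
# The scheme name is matched case-insensitively, as HTTP auth schemes are.
BEARER_RE = re.compile(r"(?i:bearer) +([A-Za-z0-9\-._~+/]+=*)")


class AuthError(Exception):
    """Hypothetical error type carrying the HTTP status to return."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def extract_bearer_token(headers):
    """Return the token, or raise 401 if the header is absent or malformed."""
    value = headers.get("Authorization")
    if value is None:
        raise AuthError(401, "no Authorization header")
    match = BEARER_RE.fullmatch(value)  # fullmatch rejects trailing junk
    if match is None:
        raise AuthError(401, "not a well-formed Bearer credential")
    return match.group(1)


def authorize(headers, required_scopes, token_info_lookup):
    """Validate the token and enforce the operation's security requirement."""
    token = extract_bearer_token(headers)
    info = token_info_lookup(token)  # assumption: None means "token invalid"
    if info is None:
        raise AuthError(401, "token rejected by token info endpoint")
    missing = set(required_scopes) - set(info.get("scope", []))
    if missing:
        raise AuthError(403, "missing scopes: " + ", ".join(sorted(missing)))
    return info


# Constructed sample data; the token string is the example value from RFC 6750.
SAMPLE_TOKENS = {"mF_9.B5f-4.1JqM": {"uid": "jdoe", "scope": ["uid"]}}


def sample_lookup(token):
    """Offline stand-in for a GET request to the x-tokenInfoUrl."""
    return SAMPLE_TOKENS.get(token)
```

An invalid or missing credential maps to 401 and a valid token lacking a required scope maps to 403, so callers can tell "not authenticated" from "not authorized".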