Authentication and Authorization
If the specification includes an OAuth2 Security Definition compatible with the Zalando Greendale Team’s infrastructure, Connexion will automatically handle token validation and authorization for operations that have Security Requirements. One main difference between the usual OAuth flow and the one Connexion uses is that the API Security Definition must include an ‘x-tokenInfoUrl’ with the URL to use to validate the token and get the token information.
Connexion expects to receive the OAuth token in the Authorization header field in the format described in RFC 6750 section 2.1.
For authenticated endpoints connexion will add a
token_info properties to
containing the user name and the full token info of the request.
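
The validation flow described above, sketched as an added example (not Connexion's own code): it parses the RFC 6750 section 2.1 header, asks a token info endpoint about the token, and checks the operation's required scopes. The `fetch_token_info` callable stands in for the HTTP request to the ‘x-tokenInfoUrl’, and the `uid` and `scope` fields, the `AuthError` class and the sample token are assumptions made for illustration.

```python
import re

# RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token
_BEARER = re.compile(r"^Bearer +([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)


class AuthError(Exception):
    """Hypothetical error type carrying the HTTP status to return."""

    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def extract_bearer_token(authorization_header):
    """Return the token from an Authorization header value, or raise 401."""
    if not authorization_header:
        raise AuthError(401, "missing Authorization header")
    match = _BEARER.match(authorization_header.strip())
    if match is None:
        raise AuthError(401, "not an RFC 6750 Bearer credential")
    return match.group(1)


def authorize(authorization_header, required_scopes, fetch_token_info):
    """Validate the token via the token info endpoint, then check scopes.

    fetch_token_info(token) is an assumed stand-in for the HTTP call to
    x-tokenInfoUrl: it returns a dict, or None if the token is rejected.
    """
    token = extract_bearer_token(authorization_header)
    token_info = fetch_token_info(token)
    if token_info is None:
        raise AuthError(401, "token rejected by token info endpoint")
    # Assumed token info layout: "scope" holds a list of granted scopes.
    missing = set(required_scopes) - set(token_info.get("scope", []))
    if missing:
        raise AuthError(403, "missing scopes: " + ", ".join(sorted(missing)))
    return token_info


# Constructed sample data: a fake token info endpoint knowing one token.
_SAMPLE_TOKENS = {"abc123": {"uid": "alice", "scope": ["uid", "pets.read"]}}


def sample_fetch(token):
    return _SAMPLE_TOKENS.get(token)
```

A malformed or unknown token maps to 401 and a valid token lacking a required scope maps to 403, matching the error codes in RFC 6750 section 3.1.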