Authentication and Authorization

If the specification includes a Oauth2 Security Definition compatible with the Zalando Greendale Team’s infrastructure connexion will automatically handle token validation and authorization for operations that have Security Requirements. One main difference between the usual Oauth flow and the one connexion uses is that the API Security Definition must include a ‘x-tokenInfoUrl’ with the url to use to validate and get the token information.

Connexion expects to receive the Oauth token in the Authorization header field in the format described in RFC 6750 section 2.1.

For authenticated endpoints connexion will add a user and token_info properties to connexion.request containing the user name and the full token info of the request.