commit 4d759da7118f39e84e25054fe3648fdcee1251af
author Mitja Nikolaus <mitja@fairphone.com> Tue Aug 28 15:31:29 2018 +0200
committer Mitja Nikolaus <mitja@fairphone.com> Fri Sep 14 10:01:41 2018 +0200
tree a4af0d1aaed723c764d12dc8c3ce6d9ea56bf7d3
parent ff2d1803db6e513a7669634f23ea7b47fa6979d5

Add documentation for authentication methods

Add swagger security definitions to settings and security parameters
to method annotations. Update the automated documentation file.

Issue: HIC-171
Change-Id: I34610f98186fb04664855ecbcfa3736b9c59c6c0

hiccup/settings.py

diff --git a/hiccup/settings.py b/hiccup/settings.py
index 833c02d..9cdb991 100644
--- a/hiccup/settings.py
+++ b/hiccup/settings.py
@@ -204,7 +204,33 @@
 # Automatic documentation generation
 # https://drf-yasg.readthedocs.io/en/stable/index.html
 
-SWAGGER_SETTINGS = {"DEFAULT_INFO": "hiccup.urls.api_info"}
+SWAGGER_SETTINGS = {
+    "DEFAULT_INFO": "hiccup.urls.api_info",
+    "SECURITY_DEFINITIONS": {
+        "Device token authentication": {
+            "type": "apiKey",
+            "name": "Authorization",
+            "in": "header",
+            "description": (
+                "Authenticate using a token that was returned on successful "
+                "registration of a new device. The token can only be used to "
+                "authenticate requests that target the device with the "
+                "matching UUID. The token has to be put in the request header: "
+                "'Authorization: Token <AUTH_TOKEN>'"
+            ),
+        },
+        "Google OAuth": {
+            "type": "oauth2",
+            "flow": "implicit",
+            "authorizationUrl": "/accounts/google/login/callback/",
+            "scopes": {},
+            "description": (
+                "Authenticate using a Google account. Only E-mail addresses "
+                "in the @fairphone.com domain are allowed."
+            ),
+        },
+    },
+}
 
 try:
     from local_settings import *  # noqa: F403,F401 pylint: disable=W0401,W0614