Skip to content

feat(auth): expose auth placeholders as empty collection variables on import (closes #894)#942

Open
Mrsandeep27 wants to merge 1 commit into
postmanlabs:developfrom
Mrsandeep27:fix/auth-collection-variables-894
Open

feat(auth): expose auth placeholders as empty collection variables on import (closes #894)#942
Mrsandeep27 wants to merge 1 commit into
postmanlabs:developfrom
Mrsandeep27:fix/auth-collection-variables-894

Conversation

@Mrsandeep27

Copy link
Copy Markdown

Context

Closes #894.

When the imported OpenAPI spec declares a security scheme, `getAuthHelper` produces an auth block whose values template Postman variables:

```js
{ type: 'basic', basic: [
{ key: 'username', value: '{{basicAuthUsername}}' },
{ key: 'password', value: '{{basicAuthPassword}}' }
]}
```

…but those variables were never pushed into `collection.variable`. On first send the user hit an "unresolved variable" warning and had to hunt for where to put credentials — while `baseUrl` (which is treated the same way) already appears in the Variables tab waiting to be filled.

Change

Mirror the existing `baseUrl` flow. After `generatedStore.collection.auth = authHelper` is set in `schemapack.js`, scan the helper for `{{identifier}}` placeholders and add an empty collection-level `Variable` for each unique one.

```js
if (authHelper) {
schemaUtils.getAuthCollectionVariables(authHelper).forEach((element) => {
generatedStore.collection.variables.add(element);
});
}
```

New helper `schemaUtils.getAuthCollectionVariables(authHelper)` recursively walks the helper payload (skipping the `type` field), uses `/{{\s*([A-Za-z0-9_]+)\s*}}/g` to extract placeholder names, de-duplicates with a `Set`, and returns `Variable` objects with empty values.

Design notes:

  • Works uniformly for every scheme that `getAuthHelper` produces — basic, bearer, digest, apiKey, oauth2, oauth1, hawk, awsv4, ntlm, edgegrid — without any per-scheme mapping. Whatever placeholder `getAuthHelper` emits is what gets surfaced.
  • No-op for `{ type: 'noauth' }` and for helpers whose values contain no `{{…}}` tokens (e.g. a future helper that inlines literal values).
  • Values are intentionally empty strings, matching the baseUrl convention for user-supplied values.

Test plan

Extended `test/unit/convertV2.test.js` → 'Should convert a collection and set basic auth placeholder as variable' to additionally assert:

```js
const variableKeys = conversionResult.output[0].data.variable.map((v) => v.key);
expect(variableKeys).to.include('basicAuthUsername');
expect(variableKeys).to.include('basicAuthPassword');
// both should be empty strings
```

  • `npm test` — all existing tests pass; the extended basic-auth case now also verifies the new variables.
  • Import an OpenAPI spec with a `bearer` scheme → confirm `bearerToken` appears in the Variables tab (empty).
  • Import with `digest` / `apiKey` / `oauth2` → confirm the respective placeholders are exposed.
  • Import a spec with no security → `collection.variable` contains only `baseUrl` + any server variables, unchanged.

Out of scope (for follow-up)

  • The 13+ other test cases covering non-basic auth types in `convertV2.test.js` could each get the same assertion block. Happy to add those in this PR if preferred — left them untouched to keep the diff surgical, since the new helper is generic and exercised through the basic-auth path.

🤖 Generated with Claude Code

…mport

When an OpenAPI spec declares a security scheme, the generated Postman
collection's auth block references templates like `{{basicAuthUsername}}`,
`{{basicAuthPassword}}`, `{{bearerToken}}`, etc. Today those variables are
not added to `collection.variable`, so the first time a user sends a
request they hit an "unresolved variable" warning and have to discover
where credentials are expected.

This mirrors the existing `baseUrl` treatment: after `collection.auth` is
set, scan the auth helper for `{{identifier}}` placeholders and push an
empty Variable for each unique one into `collection.variable`. That way
users see all auth credentials alongside `baseUrl` in the Variables tab
and can fill them in one place.

- schemaUtils.getAuthCollectionVariables(authHelper): new helper that
  recursively scans the auth helper payload for `{{...}}` placeholders
  and returns empty collection-level `Variable` objects for each unique
  name. No-op for `noauth`.
- schemapack.js: after setting `generatedStore.collection.auth`, push the
  returned variables alongside `baseUrl`.
- Extended the existing basic-auth test to assert `basicAuthUsername` and
  `basicAuthPassword` now appear as empty entries in
  `collection.variable`.

Works uniformly for all auth schemes that use variable placeholders
(basic, bearer, digest, apiKey, oauth2, …) without needing per-scheme
mappings.

Closes postmanlabs#894

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Add (empty) basicAuthUsername & basicAuthPassword variables for OpenApi import

1 participant