Add bearer security

security/hierarchy/README.md

@@ -10,6 +10,8 @@ of the security DSLs:
   security scheme that uses an API key.
 * [BasicAuthSecurity](https://pkg.go.dev/goa.design/goa/v3/dsl#BasicAuthSecurity)
   defines a security scheme that uses basic auth.
+* [BearerSecurity](https://pkg.go.dev/goa.design/goa/v3/dsl#BearerSecurity) defines a
+  security scheme that uses bearer tokens.
 * [JWTSecurity](https://pkg.go.dev/goa.design/goa/v3/dsl#JWTSecurity) defines a security
   scheme that uses JWT tokens.
 * [OAuth2Security](https://pkg.go.dev/goa.design/goa/v3/dsl#OAuth2Security) defines a
@@ -129,6 +131,7 @@ shows the basic auth security scheme defined at the API level being applied.
 
 The [generated endpoints code](https://github.com/goadesign/examples/tree/master/security/hierarchy/gen/api_key_service/endpoints.go)
 code the `api_key_service` shows the API key scheme applied the default
-endpoint (using the security scheme defined at the service leve), the JWT
+endpoint (using the security scheme defined at the service level), the JWT
 scheme used by the `secure` method that overrides the default set at the
-service level and the `unsecure` method with no security scheme applied.
+service level, the bearer scheme used by the `bearer_secure` method and the
+`unsecure` method with no security scheme applied.

security/hierarchy/api_key_service.go

@@ -60,6 +60,26 @@ func (s *apiKeyServicesrvc) JWTAuth(ctx context.Context, token string, scheme *s
 	return ctx, fmt.Errorf("not implemented")
 }
 
+// BearerAuth implements the authorization logic for service "api_key_service"
+// for the "bearer" security scheme.
+func (s *apiKeyServicesrvc) BearerAuth(ctx context.Context, token string, scheme *security.BearerScheme) (context.Context, error) {
+	//
+	// TBD: add authorization logic.
+	//
+	// In case of authorization failure this function should return
+	// one of the generated error structs, e.g.:
+	//
+	//    return ctx, myservice.MakeUnauthorizedError("invalid token")
+	//
+	// Alternatively this function may return an instance of
+	// goa.ServiceError with a Name field value that matches one of
+	// the design error names, e.g:
+	//
+	//    return ctx, goa.PermanentError("unauthorized", "invalid token")
+	//
+	return ctx, fmt.Errorf("not implemented")
+}
+
 // Default implements default.
 func (s *apiKeyServicesrvc) Default(ctx context.Context, p *apikeyservice.DefaultPayload) (err error) {
 	s.logger.Print("apiKeyService.default")
@@ -72,6 +92,12 @@ func (s *apiKeyServicesrvc) Secure(ctx context.Context, p *apikeyservice.SecureP
 	return
 }
 
+// This method requires a bearer token.
+func (s *apiKeyServicesrvc) BearerSecure(ctx context.Context, p *apikeyservice.BearerSecurePayload) (err error) {
+	s.logger.Print("apiKeyService.bearer_secure")
+	return
+}
+
 // This method is not secured.
 func (s *apiKeyServicesrvc) Unsecure(ctx context.Context) (err error) {
 	s.logger.Print("apiKeyService.unsecure")

security/hierarchy/design/README.md

@@ -10,6 +10,8 @@ of the security DSLs:
   security scheme that uses an API key.
 * [BasicAuthSecurity](https://pkg.go.dev/goa.design/goa/v3/dsl#BasicAuthSecurity)
   defines a security scheme that uses basic auth.
+* [BearerSecurity](https://pkg.go.dev/goa.design/goa/v3/dsl#BearerSecurity) defines a
+  security scheme that uses bearer tokens.
 * [JWTSecurity](https://pkg.go.dev/goa.design/goa/v3/dsl#JWTSecurity) defines a security
   scheme that uses JWT tokens.
 * [OAuth2Security](https://pkg.go.dev/goa.design/goa/v3/dsl#OAuth2Security) defines a
@@ -129,6 +131,7 @@ shows the basic auth security scheme defined at the API level being applied.
 
 The [generated endpoints code](https://github.com/goadesign/examples/tree/master/security/hierarchy/gen/api_key_service/endpoints.go)
 code the `api_key_service` shows the API key scheme applied the default
-endpoint (using the security scheme defined at the service leve), the JWT
+endpoint (using the security scheme defined at the service level), the JWT
 scheme used by the `secure` method that overrides the default set at the
-service level and the `unsecure` method with no security scheme applied.
+service level, the bearer scheme used by the `bearer_secure` method and the
+`unsecure` method with no security scheme applied.

security/hierarchy/design/design.go

@@ -19,6 +19,11 @@ var JWTAuth = JWTSecurity("jwt", func() {
 	Description(`Secures endpoint by requiring a valid JWT token.`)
 })
 
+// BearerAuth defines a security scheme that uses bearer tokens.
+var BearerAuth = BearerSecurity("bearer", func() {
+	Description(`Secures endpoint by requiring a bearer token.`)
+})
+
 var _ = API("hierarchy", func() {
 	Title("Security Example API")
 	Description("This API demonstrates the effect of using Security at the API, Service or Method levels")
@@ -69,6 +74,20 @@ var _ = Service("api_key_service", func() {
 		HTTP(func() { GET("/secure") })
 	})
 
+	Method("bearer_secure", func() {
+		Security(BearerAuth)
+		Description("This method requires a bearer token.")
+
+		Payload(func() {
+			BearerToken("bearer_token", String, func() {
+				Description("Bearer token used for authentication")
+			})
+			Required("bearer_token")
+		})
+
+		HTTP(func() { GET("/bearer") })
+	})
+
 	Method("unsecure", func() {
 		Description("This method is not secured.")
 		NoSecurity()