livingsocial · nicksieger · Nov 23, 2016 · Oct 18, 2016 · Oct 24, 2016 · Oct 24, 2016
diff --git a/README.md b/README.md
@@ -156,8 +156,9 @@ end
 ```
 
 ## Authorization ##
+### API Key auth ###
 
-Currently, SwaggerYard only supports API Key auth descriptions. Start by adding `@authorization` to your `ApplicationController`.
+SwaggerYard supports API Key auth descriptions. Start by adding `@authorization` to your `ApplicationController`.
 
 ```ruby
 #
@@ -177,6 +178,28 @@ class PetController < ApplicationController
 end
 ```
 
+### Custom security definitions (OAuth2) ###
+
+Additionally SwaggerYard also supports custom [security definitions](http://swagger.io/specification/#securityDefinitionsObject). You can define these in your configuration like:
+
+```ruby
+SwaggerYard.configure do |config|
+  config.security_definitions['petstore_oauth'] = {
+    type: "oauth2",
+    authorizationUrl: "http://swagger.io/api/oauth/dialog",
+    flow: :implicit
+  }
+end
+```
+
+Then you can also use these authorizations from your controller or actions in a controller.
+
+```ruby
+# @authorize_with petstore_oauth
+class PetController < ApplicationController
+end
+```
+
 ## UI ##
 
 We suggest using something like [swagger-ui_rails](https://github.com/3scale/swagger-ui_rails/tree/dev-2.1.3) for your UI needs inside of Rails.

diff --git a/lib/swagger_yard/configuration.rb b/lib/swagger_yard/configuration.rb
@@ -6,6 +6,7 @@ class Configuration
     attr_accessor :enable, :reload
     attr_accessor :controller_path, :model_path
     attr_accessor :path_discovery_function
+    attr_accessor :security_definitions
 
     def initialize
       self.swagger_version = "2.0"
@@ -14,6 +15,7 @@ def initialize
       self.reload = true
       self.title = "Configure title with SwaggerYard.config.title"
       self.description = "Configure description with SwaggerYard.config.description"
+      self.security_definitions = {}
     end
 
     def swagger_spec_base_path=(ignored)

diff --git a/lib/swagger_yard/resource_listing.rb b/lib/swagger_yard/resource_listing.rb
@@ -43,7 +43,10 @@ def model_objects
     end
 
     def security_objects
-      Hash[authorizations.map {|auth| [auth.name, auth.to_h]}]
+      controllers # triggers controller parsing in case it did not happen before
+      SwaggerYard.config.security_definitions.merge(
+        Hash[authorizations.map {|auth| [auth.name, auth.to_h]}]
+      )
     end
 
     private

diff --git a/spec/fixtures/resource_listing/goodbye_controller.rb b/spec/fixtures/resource_listing/goodbye_controller.rb
@@ -1,4 +1,6 @@
 # @resource Farewell
+#
+# @authorization [api_key] header X-APPLICATION-API-KEY
 class FarewellController
   # @path [GET] /goodbye
   def index

diff --git a/spec/lib/swagger_yard/resource_listing_spec.rb b/spec/lib/swagger_yard/resource_listing_spec.rb
@@ -63,4 +63,19 @@ def show
 
     expect(hash['paths'].keys).to contain_exactly('/bonjour', '/goodbye')
   end
+
+  context '#security_objects' do
+    before { SwaggerYard.config.security_definitions = security_definitions }
+
+    let (:security_definitions) { {key: "value"} }
+
+    it 'contains constructors authorizations' do
+      actual_security_object = multi_resource_listing.security_objects
+      expected_security_object = {"type" => "apiKey", "name" => "X-APPLICATION-API-KEY", "in" => "header"}
+      expect(actual_security_object).to include("header_x_application_api_key" => expected_security_object)
+    end
+    it 'merges config authorizations' do
+      expect(multi_resource_listing.security_objects).to include(security_definitions)
+    end
+  end
 end