Auth support for schema $refs in AsyncAPI files

[rospe]

Use Case

Our AsyncAPI messages usually hold a reference to an external schema. Accessing this external schema is protected, I would need to send an OAuth2 access token along. Currently the generation job fails with a 401.

Proposed Solution

Since every external website requires a different kind of authentication, a configuration file with a map from authority (host name) to security mechanism is required.
In my case, that would be OAuth with client credentials, so I would like to provide the token server URL, client id and secret.

Implementation Notes

The implementation should be able to handle the lookup for the security mechanism for each reference in the config, download an active token if required and use that as bearer token in the request.
Reusing the token for further requests as long as it is valid is recommended.

Community Notes

• Please vote by adding a 👍 reaction to the issue to help us prioritize.
• If you are interested to work on this issue, please leave a comment.
• If this issue is labeled needs-discussion, it means the spec has not been finalized yet. Please reach out in the EventCatalog Discord.