docs: update OAS of reset password routes (#11711)

www/apps/api-reference/components/Tags/Operation/DescriptionSection/Security/index.tsx

@@ -1,6 +1,7 @@
 import { useBaseSpecs } from "@/providers/base-specs"
 import type { OpenAPIV3 } from "openapi-types"
 import { Card } from "docs-ui"
+import { useMemo } from "react"
 
 export type TagsOperationDescriptionSectionSecurityProps = {
   security: OpenAPIV3.SecurityRequirementObject[]
@@ -11,6 +12,15 @@ const TagsOperationDescriptionSectionSecurity = ({
 }: TagsOperationDescriptionSectionSecurityProps) => {
   const { getSecuritySchema } = useBaseSpecs()
 
+  const linkToAuth = useMemo(() => {
+    const hasNoAuth = security.some((item) => {
+      const schema = getSecuritySchema(Object.keys(item)[0])
+      return schema && schema["x-is-auth"] === false
+    })
+
+    return !hasNoAuth
+  }, [security, getSecuritySchema])
+
   const getDescription = () => {
     let str = ""
     security.forEach((item) => {
@@ -27,7 +37,7 @@ const TagsOperationDescriptionSectionSecurity = ({
       <Card
         title="Authorization"
         text={getDescription()}
-        href="#authentication"
+        href={linkToAuth ? "#authentication" : undefined}
       />
     </div>
   )

www/apps/api-reference/types/openapi.ts

@@ -105,6 +105,7 @@ export type PropertiesObject = {
 
 export type SecuritySchemeObject = OpenAPIV3.SecuritySchemeObject & {
   "x-displayName"?: string
+  "x-is-auth"?: boolean
 }
 
 export type Parameter = OpenAPIV3.ParameterObject & {

www/utils/generated/oas-output/base/admin.oas.base.yaml

@@ -749,3 +749,8 @@ components:
       in: cookie
       name: connect.sid
       x-displayName: Cookie Session ID
+    reset_password:
+      type: http
+      x-displayName: Reset Password Token
+      scheme: bearer
+      x-is-auth: false

www/utils/generated/oas-output/base/store.oas.base.yaml

@@ -349,3 +349,8 @@ components:
       x-displayName: Cookie Session ID
       in: cookie
       name: connect.sid
+    reset_password:
+      type: http
+      x-displayName: Reset Password Token
+      scheme: bearer
+      x-is-auth: false

www/utils/generated/oas-output/operations/admin/post_auth_[actor_type]_[auth_provider]_update.ts

@@ -3,11 +3,11 @@
  * operationId: PostActor_typeAuth_providerUpdate
  * summary: Reset an Admin User's Password
  * x-sidebar-summary: Reset Password
- * description: Reset an admin user's password using a reset-password token generated with the [Generate Reset Password Token API route](https://docs.medusajs.com/api/admin#auth_postactor_typeauth_providerresetpassword).
+ * description: Reset an admin user's password using a reset-password token generated with the [Generate Reset Password Token API route](https://docs.medusajs.com/api/admin#auth_postactor_typeauth_providerresetpassword). You pass the token as a bearer token in the request's Authorization header.
  * externalDocs:
  *   url: https://docs.medusajs.com/v2/resources/commerce-modules/auth/authentication-route#reset-password-route
  *   description: Learn more about this API route.
- * x-authenticated: false
+ * x-authenticated: true
  * parameters:
  *   - name: auth_provider
  *     in: path
@@ -16,12 +16,6 @@
  *     schema:
  *       type: string
  *       example: "emailpass"
- *   - name: token
- *     in: query
- *     description: The reset password token received using the Get Reset Password API route.
- *     required: true
- *     schema:
- *       type: string
  * requestBody:
  *   content:
  *     application/json:
@@ -36,12 +30,15 @@
  *   - lang: Shell
  *     label: cURL
  *     source:  |-
- *       curl -X POST '{backend_url}/auth/user/emailpass/update?token=123' \
+ *       curl -X POST '{backend_url}/auth/user/emailpass/update' \
  *       -H 'Content-Type: application/json' \
+ *       -H 'Authorization: Bearer {token}' \
  *       --data-raw '{
  *         "email": "admin@medusa-test.com",
  *         "password": "supersecret"
  *       }'
+ * security:
+ *   - reset_password: []
  * tags:
  *   - Auth
  * responses:

www/utils/generated/oas-output/operations/store/post_auth_[actor_type]_[auth_provider]_update.ts

@@ -3,11 +3,11 @@
  * operationId: PostActor_typeAuth_providerUpdate
  * summary: Reset a Customer's Password
  * x-sidebar-summary: Reset Password
- * description: Reset a customer's password using a reset-password token generated with the [Generate Reset Password Token API route](https://docs.medusajs.com/api/store#auth_postactor_typeauth_providerresetpassword).
+ * description: Reset a customer's password using a reset-password token generated with the [Generate Reset Password Token API route](https://docs.medusajs.com/api/store#auth_postactor_typeauth_providerresetpassword). You pass the token as a bearer token in the request's Authorization header.
  * externalDocs:
  *   url: https://docs.medusajs.com/v2/resources/storefront-development/customers/reset-password#2-reset-password-page
  *   description: "Storefront development: How to create the reset password page."
- * x-authenticated: false
+ * x-authenticated: true
  * parameters:
  *   - name: auth_provider
  *     in: path
@@ -16,12 +16,6 @@
  *     schema:
  *       type: string
  *       example: "emailpass"
- *   - name: token
- *     in: query
- *     description: The reset password token received using the Get Reset Password API route.
- *     required: true
- *     schema:
- *       type: string
  * requestBody:
  *   content:
  *     application/json:
@@ -36,12 +30,15 @@
  *   - lang: Shell
  *     label: cURL
  *     source:  |-
- *       curl -X POST '{backend_url}/auth/customer/emailpass/update?token=123' \
+ *       curl -X POST '{backend_url}/auth/customer/emailpass/update' \
  *       -H 'Content-Type: application/json' \
+ *       -H 'Authorization: Bearer {token}' \
  *       --data-raw '{
  *         "email": "customer@gmail.com",
  *         "password": "supersecret"
  *       }'
+ * security:
+ *   - reset_password: []
  * tags:
  *   - Auth
  * responses: