Using multiple security schemes in parallel #1358

Open
JZubero opened this issue Apr 2, 2024 · 3 comments
Labels
bug Something isn't working

JZubero commented Apr 2, 2024

What happens?

After researching for some hours it seems that it's not possible to use multiple security schemes in parallel via the UI. No matter what config I use, I can only select and apply one method at a time.

What did you expect to happen?

I want to be able to provide e.g. a JWT as Bearer Token and an API-Key header at the same time.

How can we reproduce the issue?

Use the following spec to reproduce:

```json
{
  "openapi": "3.1.0",
  "info": {
    "title": "Dummy API",
    "version": "0.1.0"
  },
  "tags": [
    {
      "name": "Data Service",
      "description": "Obtain static data"
    },
    {
      "name": "Profile Service",
      "description": "Profiles and stuff"
    }
  ],
  "security": [
    {
      "ApiKeyAuth": [],
      "BearerAuth": []
    }
  ],
  "components": {
    "securitySchemes": {
      "ApiKeyAuth": {
        "type": "apiKey",
        "in": "header",
        "name": "api-key",
        "description": "Basic API key for accessing non-profile related services"
      },
      "BearerAuth": {
        "type": "http",
        "scheme": "bearer",
        "description": "Required for accessing profile-related services",
        "bearerFormat": "JWT"
      }
    },
    "schemas": {}
  },
  "paths": {
    "/v1/data": {
      "get": {
        "operationId": "getV1Data",
        "tags": [
          "Data Service"
        ],
        "security": [
          {
            "ApiKeyAuth": []
          }
        ],
        "responses": {
          "200": {}
        }
      }
    },
    "/v1/profile/": {
      "get": {
        "operationId": "getV1Profile",
        "tags": [
          "Profile Service"
        ],
        "security": [
          {
            "ApiKeyAuth": [],
            "BearerAuth": []
          }
        ],
        "responses": {
          "200": {}
        }
      }
    }
  }
}
```

As per OAS 3.1.0 specification, it should be possible to use multiple security schemes in parallel when defined like above.

Swagger/OpenAPI Example

https://sandbox.scalar.com/e/jzsn4

@JZubero JZubero added the bug Something isn't working label Apr 2, 2024
@marclave marclave self-assigned this Apr 16, 2024
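
The OAS semantics this issue relies on, as an added example that is not part of the issue or of Scalar's code: schemes named inside one security requirement object must all be sent (AND), separate objects in the `security` array are alternatives (OR), and an operation-level `security` replaces the top-level one. The function names and the `credentials` map are assumptions made for illustration.

```javascript
// Constructed excerpt of the issue's spec (only the fields used here).
const spec = {
  security: [{ ApiKeyAuth: [], BearerAuth: [] }],
  components: {
    securitySchemes: {
      ApiKeyAuth: { type: "apiKey", in: "header", name: "api-key" },
      BearerAuth: { type: "http", scheme: "bearer", bearerFormat: "JWT" },
    },
  },
  paths: {
    "/v1/data": { get: { security: [{ ApiKeyAuth: [] }] } },
    "/v1/profile/": { get: { security: [{ ApiKeyAuth: [], BearerAuth: [] }] } },
  },
};

// Operation-level `security` overrides the top-level array. The result is a
// list of alternatives (OR); each entry names schemes that all apply (AND).
function effectiveRequirements(spec, path, method) {
  const op = spec.paths?.[path]?.[method];
  if (!op) throw new Error(`unknown operation ${method} ${path}`);
  return op.security ?? spec.security ?? [];
}

// Build headers for the first alternative whose schemes all have a credential.
// `credentials` maps scheme name -> secret (hypothetical shape for this example).
function buildAuthHeaders(spec, path, method, credentials) {
  const alternatives = effectiveRequirements(spec, path, method);
  if (alternatives.length === 0) return {}; // operation declares no security
  for (const requirement of alternatives) {
    const names = Object.keys(requirement);
    if (!names.every((n) => credentials[n])) continue; // partial credentials fail AND
    const headers = {};
    for (const n of names) {
      const scheme = spec.components.securitySchemes[n];
      if (!scheme) throw new Error(`undeclared security scheme ${n}`);
      if (scheme.type === "apiKey" && scheme.in === "header") {
        headers[scheme.name] = credentials[n];
      } else if (scheme.type === "http" && scheme.scheme.toLowerCase() === "bearer") {
        headers.Authorization = `Bearer ${credentials[n]}`;
      } else {
        throw new Error(`scheme ${n} is not handled in this example`);
      }
    }
    return headers; // only the credentials this operation asks for are sent
  }
  return null; // no alternative fully satisfied: do not send the request
}
```

For `/v1/data` only the `api-key` header is produced even when a bearer token is available, so the JWT is not sent to an operation that does not require it.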

corepay commented Apr 17, 2024

FWIW: Stoplight has this same issue, only allowing one security scheme in their 'try it out' in the UI even though the spec allows an array in security schemas. This for me was the reason I had to move to a different solution (rapidoc): although the interface sucks and looks dated, I had to have an apikey along with a bearer token... and why I am here still looking for the golden ticket. Would be a worthwhile feature.

A workaround hackadoodle is to require the apikey as a header param.

@marclave
Member

let's get this fixed : )


Xhale1 commented Apr 22, 2024

Just ran into this myself when migrating from Swagger UI to Scalar. It would be cool to have an option to modify requests before they're sent as a workaround, similar to Swagger UI's onComplete. Though if this is fixed that's amazing! Loving Scalar so far.
