Security Schemes : None and another one (Apikey, Bearer...) in same time #482

Closed
elaugier opened this issue Oct 27, 2018 · 9 comments
@elaugier

Hello
Is there a way to allow, on the same operation (GET, POST, etc.), no security AND another security scheme?
I tried to add a 'none' security scheme but Apicurio Studio said:

"Property "type" is required.
Every Security Scheme must include a type, which indicates what kind of security is required (e.g. HTTP, API Key, etc)."

(or is there an option to disable the issue?)

Thanks for your help

@EricWittmann
Member

I'll have to look into the OpenAPI spec to see if there's a way to express what you've described. I'm honestly not sure off the top of my head.

As for the disabling of the validation issue - there is currently no feature implemented to suppress the validation problems. However, the intent has always been to be able to do that. So I'll bump the priority on that feature.

@EricWittmann
Member

I should add that the implementation of the validation logic was designed, from the beginning, to support the enabling/disabling of individual rules. The only thing missing is support for that in the UI. :)

@EricWittmann
Member

OK @elaugier - after doing a bit of research on this, the OpenAPI spec does indeed support this use-case, but Apicurio doesn't really. If you're interested in the details of the spec, here are a couple of references:

OAI/OpenAPI-Specification#14 (comment)
OAI/OpenAPI-Specification#1684

So I'm classifying this as an Apicurio bug and will think about the appropriate way to support this use-case in the UI.

Thanks for bringing it to my attention.

@EricWittmann
Member

EricWittmann commented Oct 29, 2018

Note to future implementors (i.e. me): "anonymous" auth can be expressed in the OpenAPI spec by including an empty security requirement. Like this (for example):

security: [
  {},
  {"oauth": []}
]

This would indicate that OAuth is an option, but that "no authentication" is also an option. Typically in this use-case, the results returned by the API differ if the call is made with authentication vs. anonymously.
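
An added example, not part of the original comment or of Apicurio's code: a small audit that resolves each operation's effective `security` and reports where anonymous access is allowed, so an intentional `{}` can be told apart from one that slipped in. It goes slightly beyond the snippet above by also handling the top-level default and the empty-array override; the sample document and the `classify`/`audit` names are constructed for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def classify(security):
    """Classify an effective OpenAPI `security` array."""
    if not security:
        return "open"       # absent, or explicitly cleared with []
    if {} in security:
        # {} is an alternative satisfied without credentials
        return "optional" if any(security) else "open"
    return "required"

def audit(spec):
    """Map (METHOD, path) -> 'open' | 'optional' | 'required'."""
    default = spec.get("security")
    result = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue    # skip `parameters`, `summary`, etc.
            # An operation-level `security` replaces the top-level one.
            effective = op["security"] if "security" in op else default
            result[(method.upper(), path)] = classify(effective)
    return result

# Constructed sample document (not from the issue); the scheme name "oauth"
# follows the snippet in the comment above.
SAMPLE = json.loads("""
{
  "openapi": "3.0.2",
  "security": [{"oauth": []}],
  "paths": {
    "/items": {
      "get":  {"security": [{}, {"oauth": []}]},
      "post": {}
    },
    "/health": {"get": {"security": []}},
    "/ping":   {"get": {"security": [{}]}}
  }
}
""")

if __name__ == "__main__":
    for (method, path), level in sorted(audit(SAMPLE).items()):
        print(f"{method:5} {path:10} {level}")
```

Operations reported as `optional` are the ones where the handler must behave safely for both authenticated and anonymous callers, since the results typically differ between the two.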

@elaugier
Author

Good news! Glad to have been able to make my very small contribution to this project. I am just starting to use it and it seems to me particularly well done. It really allows you to go faster to specify an API. Thank you for that. If I find something else (bug or suggestion), I will not hesitate to let you know... Thank you for answering my question.

@EricWittmann
Member

Yes please do - the best way to make projects like this better is feedback from users!

@EricWittmann
Member

Working on UI support for this now. Turns out that the data model and validation layers already work just fine. It's just a UI enhancement. Should be done tomorrow. :)

@EricWittmann
Member

By the way @elaugier - this is now live on https://studio.apicur.io/ - feedback welcome. :)

@elaugier
Author

elaugier commented Nov 2, 2018

Works fine! Thank you!
