Move security requirements to server objects

[fmvilas]

Many async APIs out there have proved to support different protocols for the same API. For instance, they might support using WebSockets and MQTT, HTTP streaming and WebSockets, etc.

The way you authenticate to these APIs depend very much on the protocol, so I think it would make sense to attach the security requirement to the server you're connecting to.

Example:

servers:
  # This server supports connecting using user-password or X509 certificate
  - url: async.api.com:1883
    scheme: mqtt
    securityRequirements:
      - X509Certificate
      - userPass
  # This server only supports connecting using user-password
  - url: async.api.com
    scheme: amqp
    securityRequirements:
      - userPass

components:
  securitySchemes:
    userPass:
      type: userPassword
    X509Certificate:
      type: X509

Right now the security requirements are at the root level, making it impossible to guess which server supports which security scheme.

[asyncapi-bot]

🎉 This issue has been resolved in version 1.0.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀