Does ApiKey security scheme supports multiple keys? #625
-
|
OpenAPI 3.0 spec describes an option to have multiple API keys required at the same time: https://swagger.io/docs/specification/authentication/api-keys/#multiple Does |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 2 replies
-
|
Hello, struct SecurityAddon;
impl Modify for SecurityAddon {
fn modify(&self, openapi: &mut utoipa::openapi::OpenApi) {
let components = openapi.components.as_mut().unwrap();
components.add_security_scheme(
"apiKey",
SecurityScheme::ApiKey(ApiKey::Header(ApiKeyValue::new("X-API-KEY"))),
);
components.add_security_scheme(
"appId",
SecurityScheme::ApiKey(ApiKey::Header(ApiKeyValue::new("X-APP-ID"))),
);
}
}Finally, you can pass this modifier to your #[derive(OpenApi)]
#[openapi(
// [...]
modifiers(&SecurityAddon),
)]
struct ApiDoc;Result"securitySchemes": {
"apiKey": {
"type": "apiKey",
"in": "header",
"name": "X-API-KEY"
},
"appId": {
"type": "apiKey",
"in": "header",
"name": "X-APP-ID"
}
} |
Beta Was this translation helpful? Give feedback.
-
|
Wouldn't that be two alternative schemas? The intent here is to require two headers being set at the same time. Perhaps the difference is only at the level of applying security schemas to endpoints? The OpenAPI doc linked above describes this difference between multiple alternative schemas and a single schema with multiple headers as: # one of the two is required
security:
- apiKey: []
- appId: []
# both are required
security:
- apiKey: []
appId: []Similarly, |
Beta Was this translation helpful? Give feedback.
-
|
Yep, I'm afraid the
https://docs.rs/utoipa/latest/utoipa/openapi/security/struct.SecurityRequirement.html |
Beta Was this translation helpful? Give feedback.
Yep, I'm afraid the
utoipa::openapi::security::SecurityRequirementobject doesn't accept more than one security scheme in its implementation.https://docs.rs/utoipa/latest/utoipa/openapi/security/struct.SecurityRequirement.html