Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Spec with multiple alternate security schemes fails request when one is missing #80

Closed
TristanSpeakEasy opened this issue Jan 14, 2024 · 2 comments
Closed

Spec with multiple alternate security schemes fails request when one is missing #80

TristanSpeakEasy opened this issue Jan 14, 2024 · 2 comments
Labels
bug Something isn't working

Comments

@TristanSpeakEasy
Copy link

Consider this spec:

openapi: 3.1.0
info:
  title: Test
  version: 0.1.0
security:
  - xApiKey: []
  - apiKey: []
paths:
  /test:
    get:
      responses:
        '200':
          description: OK
components:
  securitySchemes:
    xApiKey:
      type: apiKey
      in: header
      name: x-api-key
    apiKey:
      type: apiKey
      in: header
      name: Authorization

this error is returned when making a request:

{"type":"https://pb33f.io/wiretap/error","title":"unable to serve mocked response","status":401,"detail":"apiKey not found, no `x-api-key` header found in request"}

The sent request had the Authorization header set but not the x-api-key header.

but the security:

security:
  - xApiKey: []
  - apiKey: []

defines either xApiKey OR apiKey can be sent.

And AND relationship is defined like so:

security:
  - xApiKey: []
    apiKey: []
@TristanSpeakEasy
Copy link
Author

As an addition to this bug it seems optional security is also not respected.

IE if security is defined like so:

security:
  - xApiKey: []
  - {}

And no header is set then the same sort of response is returned but defining security like this means the security is optional, basically means xApiKey OR nothing

@daveshanley daveshanley added the bug Something isn't working label Jan 19, 2024
daveshanley added a commit that referenced this issue Jan 26, 2024
@daveshanley
addressed issue #80
4bbcb26 
Signed-off-by: quobix <dave@quobix.com>
@daveshanley daveshanley mentioned this issue Jan 26, 2024
Merged
daveshanley added a commit that referenced this issue Jan 27, 2024
@daveshanley
addressed issue #80
1ad8999 
Signed-off-by: quobix <dave@quobix.com>
@daveshanley
Copy link
Member

This should be resolved in v0.1.1

@richjyoung richjyoung mentioned this issue Oct 23, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@daveshanley @TristanSpeakEasy