Security Requirement Object with multiple schemes in AND #318
Comments
Do you want to use two securities at the same time in "try operation"?
The api key identifies the client (web app, native app, 3rd party api trusted clients) for the purpose of tracking, rate limits etc, access token identifies and authorizes the user. There is no doubt that there are ways to encode api key information with token only, but I'd like to model the api in a uniform manner. Take this opportunity to ask another question. Response headers are not represented at ui level. How to document the classic 201 Created with Location header? Thanks
This is new to me as well. ;-) I did not think of a use case where calling In terms of supporting it in swagger-editor with respect to other features On Sun, Feb 1, 2015 at 11:08 AM, Marco Mazzocchetti <
Cheers, Prabhat
Help spread www.eejot.org
For Response Headers I have #268. For multiple security in try operation we can have a checkbox for each security instead of a dropdown that allows only one security to be selected at a time.
@prabhatjha - I don't have a discussion thread on the matter, it's just one of the changes we put into the spec after many requests for it over the years. @mazzock's design is not really far-fetched, and is actually relatively common. It's not really multiple authentications, but rather a single authentication with several layers. Nothing wrong there, and it's not really our place to say whether it is a proper or improper design, we're just here to help document it.
We would be needing this as well. In our case, a couple of extra headers need to be sent, the same headers on every endpoint. They are not actually api keys or other authentication, but do relate slightly to security and identity of the user. So practically, we would need "global headers" and not really "security headers". But afaik global headers are not even supported in the spec?
@tuukkamustonen You can define parameters globally using global See this example:

```yaml
---
swagger: '2.0'
info:
  version: 1.0.0
  title: Pets Store
parameters:
  x-something:
    name: X-Something
    in: header
    description: Global header `X-Something`
    type: string
paths:
  /pets:
    parameters:
      - $ref: '#/parameters/x-something'
    get:
      responses:
        200:
          description: Returns all the pets
```
@mohsen1 Thanks, but I don't consider that "global parameters" :) I am actually using what you suggest here. The problem is (aside from the fact that you have to have those $refs here and there, which is not too bad), that these fields are endpoint-specific and not global like security fields. In other words, user has to always redefine these fields when doing test requests, even when they would remain the same throughout the endpoints.
Hi,
Playing with Swagger Editor (http://editor.swagger.io/), I'm trying to define multiple security schemes (in AND) for the same operation following swagger 2.0 specs (javascript format).
Here is the reference: https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md#securityRequirementObject.
This is my declaration
And later
...
No errors, no warnings. AccessToken and APIKey too are both well defined in the securityDefinitions section, but in the preview I have the security table misaligned and, even worse, in the "try operation" view, it does not let me choose both security schemes I have defined, I'm forced to choose one (see attached screenshot).
Is there something wrong in my statement?
Is it a known bug?
Thanks
mazzock
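
The distinction this issue turns on, as an added example that is not part of the original post or of the project's own files: in Swagger 2.0, schemes listed inside one Security Requirement Object are all required (AND), while separate objects in the `security` list are alternatives (OR). The scheme names `APIKey` and `AccessToken` come from the post; the header name, OAuth2 flow, URL, scope and paths are assumptions made for illustration.

```yaml
swagger: '2.0'
info:
  version: 1.0.0
  title: AND vs OR security requirements (constructed example)
securityDefinitions:
  # Identifies the calling client (tracking, rate limits).
  APIKey:
    type: apiKey
    name: X-API-Key            # assumed header name
    in: header
  # Identifies and authorizes the user.
  AccessToken:
    type: oauth2
    flow: implicit             # assumed flow
    authorizationUrl: https://auth.example.com/authorize   # placeholder URL
    scopes:
      read: Read access (constructed scope)
paths:
  /both-required:              # hypothetical path
    get:
      # ONE Security Requirement Object naming two schemes:
      # the client must present the API key AND the access token.
      security:
        - APIKey: []
          AccessToken:
            - read
      responses:
        '200':
          description: Both credentials were presented and accepted
        '401':
          description: At least one credential is missing or invalid
  /either-accepted:            # hypothetical path
    get:
      # TWO Security Requirement Objects:
      # the API key OR the access token is sufficient on its own.
      security:
        - APIKey: []
        - AccessToken:
            - read
      responses:
        '200':
          description: One of the credentials was presented and accepted
```

The only difference between the two operations is one leading `-`, so an indentation slip in a `security` entry silently relaxes a two-credential requirement to either credential; check each entry when reviewing a spec.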