Can not use components/securitySchemes in swagger-ui

[lvonk]

Q	A
Bug or feature request?	Bug
Which Swagger/OpenAPI version?	Open API 3.0.0
Which Swagger-UI version?	version: "3.2.2", gitRevision: "g45e7a541", gitDirty: true, buildTimestamp: "Sat, 23 Sep 2017 20:06:42 GMT", machine: "Kyles-MacBook-Air.local"
How did you install Swagger-UI?	git pull && open dist/index.html
Which browser & version?	Chrome Version 61.0.3163.91 (Official Build) (64-bit)
Which operating system?	Mac 10.12.6

Defining security as follows works:

securityDefinitions:
  apikey_auth:
    type: apiKey
    in: header
    name: api_key

However this does not seem OpenAPI 3.0.0 compliant (or I can't find the definition of securityDefinitions anywhere in https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md).

Defining security according to the docs in OpenAPI 3.0.0 using securitySchemes and clicking the lock icon in the operation does not work and result in the following error in de ui:

components:
  securitySchemes:
    apikey_auth:
      type: apiKey
      in: header
      name: api_key

Complete openapi.yaml:

openapi: 3.0.0
info:
  title: Jortt API
  description: Api description jortt
  version: 2.0.0

servers:
  - url: http://localhost:9292/api/v2
    description: Development server

security:
  - apikey_auth: []

paths:
  /customers:
    get:
      summary: Customers
      description: The customers endpoint returns all customers known in Jortt
      operationId: getCustomers
      parameters:
        - name: query
          in: query
          description: A search string for customers
          required: false
          schema:
            type: string
      responses:
        '200':
          description: An array of customers
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/CustomerList"

components:
  securitySchemes:
    apikey_auth:
      type: apiKey
      in: header
      name: api_key
  schemas:
    Paging:
      properties:
        total_items:
          type: integer
        total_pages:
          type: integer
        page_size:
          type: integer
        current_page:
          type: integer
    Customer:
      properties:
        customer_id:
          type: string
          description: Unique id
        name:
          type: string
          description: Name of the customer
    CustomerList:
      allOf:
        - properties:
            customers:
              description: Contains list of customers
              type: array
              items:
                $ref: "#/components/schemas/Customer"
        - $ref: "#/components/schemas/Paging"

[webron]

@shockey is this related to the try it out functionality or something else?

[shockey]

Looks like this is coming from the authorization feature itself, here's where the error is throwing from:

swagger-ui/src/core/plugins/auth/selectors.js

Line 37 in e80b2f5

let definition = securityDefinitions.get(name)

Adding securityDefinitions to a 3.0 document works, because the authorization feature is not OpenAPI-aware at the moment. It looks for the same structures, regardless of the swagger or openapi value in the document.

Obviously, the real fix is to implement OpenAPI authorization support, but in the meantime, disabling authorization features when an OpenAPI document is present will prevent this sort of issue.

[hkosova]

Support for OAS 3.0 securitySchemes is covered by #3641 and #3665.

[shockey]

Closing this, as the ambiguous Swagger2-in-OAS3 behavior has been solved and the OAS3 securitySchemes functionality is covered in other tickets 😄