-
Notifications
You must be signed in to change notification settings - Fork 8.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(ux): ensure that optional security schema is rendered without padlock. #6839
Conversation
@mathis-m thanks for the PR! I would suggest reducing the scope of this PR to just the fix for this specific use case: security:
- {} The other use case where security is optional security:
- {}
- apikeyScheme: [] probably needs UX/design input before going forward. The reason being, if an endpoint supports security even if it's optional, consumers still need to know that this endpoint is secured. Maybe optional security needs a different lock icon or custom wording or something like that. cc @tim-lai |
@hkosova for my understanding if a operation contains anonymous access I would not consider this operation as secure. But yes from UX perspective it might make sense to mark it optional. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's create a new /tests/security/anonymous.js
instead of the tests/bugs/6767.js
. We can still include the ticket number in the description.
Reasoning: we are going to start deprecating the use of the /tests/bugs
directory in favor of a more descriptive test filename/structure, so that related test bugs reside close to the test feature(s) itself.
done in f14a5a3
Nice! I think it would be good if this may be stated in |
After further consideration, I concur with @hkosova. Let's reduce scope for this PR, to only include a single empty object case. However, we should note in the Cypress test that this is a specific implementation choice, and that it is possible to extend/change in the future. |
@mathis-m Thanks for the updates! PR is now merged! |
@mathis-m I'm a bit late with the answers 😄 but still:
A login operation is probably not a good example for optional security. The most common use case is an operation that returns different amount of data based on anonymous vs authenticated access. Example: GitHub repo listing API, which returns public repos by default vs both public and private when authenticated. Private data is still secured in this case.
Actually UI already marks optional security differently. Such operations are initially displayed with the black locked icon, which serves as an indicator that "credentials are already provided". There are some more details about this design choice in this comment. |
Description
In case there is a empty security definition included the padlock will not be rendered.
Motivation and Context
Fixes #6767
How Has This Been Tested?
new cypress test
Checklist
My PR contains...
src/
is unmodified: changes to documentation, CI, metadata, etc.)package.json
)My changes...
Documentation
Automated tests