-
Notifications
You must be signed in to change notification settings - Fork 63
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The "body" location value for security schemes is underspecified #1037
Comments
One option here is to allow use of "name" for "body" to allow identification of a data schema element. Note however this is not currently a required element for body (so we can't make it mandatory without breaking backward compatibility in 1.1). Also, "name" is only one element, so does not allow for multiple values. Another approach would be to annotate the data schema with semantic types to identify the keys, client ids, and so forth, which might also be applicable to the uri template location mechanism. |
to refer to the specific parts of the body, we can use JSON Pointers |
Propose closing, BUT maybe want to follow up on JSON Pointers idea mentioned by Ege. Issue is "name" needs to refer to a particular element of a data schema (but, over several different data schemas, so would be relative to the top of each schema). A small edit to the current spec that says the name is a JSON Pointer relative to the top of the data schema might be appropriate. I can do a PR if people agree, and then we can close this. |
When a security key is embedded in the body of a message (eg as a POST) it will typically be part of a larger structured payload, so a data schema is required and the identification of a particular element in that schema as the key (or other elements, there might be more than one, i.e. a client id AND a key) is needed. This needs to be clarified in the definition of the "body" location specifier in security schemes.
The text was updated successfully, but these errors were encountered: