[Schema Inaccuracy] Security Schemes Missing

[philsturgeon]

Schema Inaccuracy

GitHub REST API uses OAuth2 access tokens, and has some support for query string tokens (deprecated) and basic auth (hmmmm) which could be described in your OpenAPI.

• GitHub REST API: Authentication
• Swagger.io Authentication Tutorial
• Avoid figuring out YAML syntax for security schemas with Stoplight Studio

Expected

    components:
      securitySchemes:
        BasicAuth:
          type: http
          scheme: basic

        OAuth2:
          type: oauth2
          flows:
            authorizationCode:
              authorizationUrl: https://example.com/oauth/authorize
              tokenUrl: https://example.com/oauth/token
              scopes:
                read: Grants read access
                write: Grants write access
                admin: Grants access to admin operations

Also this gave me the idea to make security schemes in OpenAPI, deprecateable thank you! OAI/OpenAPI-Specification#2506

[ahoglund]

@philsturgeon - Thanks for opening this issue! I'll add it to our internal backlog for discussion with the team.

[tomaszdurka]

I want to use Github api spec in an automated way. Is there possibility to add securitySchemes and security requirements for operations into the spec?

Thanks

[kmahorker]

Hi @shiftkey and @bearcherian 👋🏼

Any chance this could become a priority to be included?

Even securitySchemes described/noted in the readme could be very helpful :)