Security Schema definition in the spec is not clear. #461

Closed
guptasu opened this issue Sep 10, 2015 · 2 comments
Labels: clarification, security: config, security

guptasu commented Sep 10, 2015

Reading the security field in the Swagger object, I interpret it as there being a logical OR between the security requirement objects.
Then, reading the security requirement object, I interpret it as an object with multiple fields (which reference schemas defined in the security schema definition), with a logical AND between them.
Is my understanding right?

For example:

                "security": [
                    {
                        "petstore_auth": [
                            "write_pets",
                            "read_pets"
                        ],
                        "api_key" : []
                    },
                    {
                        "petstore_advance_auth": [
                            "write_pets",
                            "read_pets"
                        ]
                    }
                ]

would mean the required authentication for the operation is either
(petstore_advance_auth) OR (petstore_auth AND api_key)

Is my understanding correct? If so, an example for that in the spec would be really helpful.

If I am not right, then what is the recommended way to specify if an operation needs 2 auth and both are required, else it's treated as unauthorized?

webron (Member) commented Sep 11, 2015

Your understanding is correct.

handrews added the security, clarification, and security: config labels on Jan 29, 2024
handrews (Member) commented

Answered more than 6 years ago with no further comment. Closing.
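
The interpretation confirmed in this thread, written out as an added example (not part of the original issue or the spec): a small evaluator that applies OR across the `security` array and AND inside each security requirement object, including the scope check. The function names and the sample callers are assumptions made for illustration.

```python
"""Evaluate a Swagger `security` array: OR across the list, AND inside each object."""

# The `security` value from the issue above, as a Python literal.
SECURITY = [
    {"petstore_auth": ["write_pets", "read_pets"], "api_key": []},
    {"petstore_advance_auth": ["write_pets", "read_pets"]},
]


def requirement_met(requirement, presented):
    """AND: every scheme named in one requirement object must be satisfied.

    `presented` (hypothetical shape) maps each scheme the caller authenticated
    with to the set of scopes granted; scope-less schemes use an empty set.
    """
    return all(
        scheme in presented and set(scopes) <= presented[scheme]
        for scheme, scopes in requirement.items()
    )


def is_authorized(security, presented):
    """OR: one fully satisfied requirement object is enough."""
    return any(requirement_met(req, presented) for req in security)


def describe(security):
    """Render the array as the boolean expression it stands for."""
    return " OR ".join("(" + " AND ".join(req) + ")" for req in security)


if __name__ == "__main__":
    print(describe(SECURITY))
    # Constructed callers, not taken from the issue.
    full = {"write_pets", "read_pets"}
    callers = {
        "oauth only": {"petstore_auth": full},
        "oauth + key": {"petstore_auth": full, "api_key": set()},
        "read-only oauth + key": {"petstore_auth": {"read_pets"}, "api_key": set()},
        "advanced oauth": {"petstore_advance_auth": full},
    }
    for name, presented in callers.items():
        print(f"{name}: {is_authorized(SECURITY, presented)}")
```

A caller holding only `petstore_auth`, or holding both schemes but lacking the `write_pets` scope, is rejected: a partial match on one requirement object never combines with a partial match on another.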
