swagger-api / swagger-core

Examples and server integrations for generating the Swagger API Specification, which enables easy access to your REST API

Home Page: http://swagger.io

Cannot define API Key triple at root level

jobayle opened this issue

Dears,
I'm not sure whether this is a bug or a misunderstanding on my part...


env:
Gradle + Kotlin + swagger-core jax-rs

version:
swagger-core 2.2.21


In my use case, auth requires a triple of API keys: X-AUTH-IDENT, X-AUTH-DOMAIN and X-AUTH-SECRET

I tried to define this triple using swagger-core annotations this way:

@OpenAPIDefinition(
    info = Info(
        title = "My API",
        version = "2",
    ),
    security = [
        SecurityRequirement(name = "apiIdent"),
        SecurityRequirement(name = "apiSecret"),
        SecurityRequirement(name = "apiDomain")
    ]
)
@SecuritySchemes(
    SecurityScheme(name = "apiIdent", paramName = "X-AUTH-IDENT",
        type = SecuritySchemeType.APIKEY, `in` = SecuritySchemeIn.HEADER),
    SecurityScheme(name = "appSecret", paramName = "X-AUTH-SECRET",
        type = SecuritySchemeType.APIKEY, `in` = SecuritySchemeIn.HEADER),
    SecurityScheme(name = "appDomain", paramName = "X-AUTH-DOMAIN",
        type = SecuritySchemeType.APIKEY, `in` = SecuritySchemeIn.HEADER),
)

gradle resolve generates the following JSON-formatted API description:

{
  "openapi": "3.0.1",
  "info": {
    "title": "My API",
    "version": "2"
  },
  "security": [
    {
      "apiIdent": []
    },
    {
      "apiSecret": []
    },
    {
      "apiDomain": []
    }
  ],
  "paths": { ... },
  "components": {
    "schemas": { ... },
    "securitySchemes": {
      "appDomain": {
        "type": "apiKey",
        "name": "X-AUTH-DOMAIN",
        "in": "header"
      },
      "appSecret": {
        "type": "apiKey",
        "name": "X-AUTH-SECRET",
        "in": "header"
      },
      "apiIdent": {
        "type": "apiKey",
        "name": "X-AUTH-IDENT",
        "in": "header"
      }
    }
  }
}

Unfortunately, in swagger-ui only the X-AUTH-IDENT header is sent.

Is there something wrong in my OpenAPI definitions?

Thanks!


Alternatively, I also tried to define the security in an openapi.yml file instead of using annotations, with the file referenced in the Gradle build:

tasks.resolve {
    // ...
    openApiFile = layout.projectDirectory.file("src/resources/openapi.yml").asFile
}

openapi.yml:

# This file is merged with the resolved specification by the swagger gradle plugin
# See task resolve
openapi: 3.0.0
info:
  title: My API
  version: 2

components:
  securitySchemes:
    apiIdent:
      type: apiKey
      in: header
      name: X-AUTH-IDENT
    appSecret:
      type: apiKey
      in: header
      name: X-AUTH-SECRET
    appDomain:
      type: apiKey
      in: header
      name: X-AUTH-DOMAIN

security:
  - apiIdent: []
    appSecret: []
    appDomain: []

But in the output JSON there is no security at root level.

Thanks!
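
An added example, not part of the original issue or of swagger-core: a small Python lint over the root-level `security` list and `components.securitySchemes`, run on constructed copies of the generated JSON above and of the single-entry form from openapi.yml. In OpenAPI 3 the entries of the `security` list are alternatives (any one suffices), while the schemes inside one entry are all required together; `lint_security` and the sample constants are names assumed for this example.

```python
import json

# Constructed input: the security-relevant parts of the generated JSON shown in the issue.
GENERATED = json.loads("""
{
  "security": [{"apiIdent": []}, {"apiSecret": []}, {"apiDomain": []}],
  "components": {"securitySchemes": {
    "appDomain": {"type": "apiKey", "name": "X-AUTH-DOMAIN", "in": "header"},
    "appSecret": {"type": "apiKey", "name": "X-AUTH-SECRET", "in": "header"},
    "apiIdent":  {"type": "apiKey", "name": "X-AUTH-IDENT",  "in": "header"}
  }}
}
""")

# Constructed input: same schemes, with the single-entry requirement from openapi.yml.
COMBINED = dict(GENERATED, security=[{"apiIdent": [], "appSecret": [], "appDomain": []}])


def lint_security(doc):
    """Return (alternatives, dangling, unused) for the root-level security list.

    alternatives: one sorted list of header names per requirement object; any
                  single alternative authorizes the request, and every header
                  inside one alternative must be sent together.
    dangling:     requirement names with no entry in components.securitySchemes.
    unused:       declared schemes that no root-level requirement references.
    """
    schemes = doc.get("components", {}).get("securitySchemes", {})
    alternatives, dangling, referenced = [], [], set()
    for requirement in doc.get("security", []):
        headers = []
        for name in requirement:
            referenced.add(name)
            scheme = schemes.get(name)
            if scheme is None:
                dangling.append(name)  # name does not resolve to a declared scheme
            elif scheme.get("type") == "apiKey" and scheme.get("in") == "header":
                headers.append(scheme["name"])
        alternatives.append(sorted(headers))
    unused = sorted(set(schemes) - referenced)
    return alternatives, dangling, unused


if __name__ == "__main__":
    for label, doc in (("generated", GENERATED), ("combined", COMBINED)):
        alts, dangling, unused = lint_security(doc)
        print(label, "alternatives:", alts, "dangling:", dangling, "unused:", unused)
```

On the generated document the lint reports `apiSecret` and `apiDomain` as dangling, `appSecret` and `appDomain` as unused, and `X-AUTH-IDENT` as the only header any alternative resolves to. On the single-entry form it reports one alternative that requires all three headers.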