Cannot define API Key triple at root level
jobayle opened this issue · comments
Dears,
I'm not sure whether this is a bug or a misunderstanding on me...
env:
Gradle + Kotlin + swagger-core jax-rs
version:
swagger-core 2.2.21
In my use case, auth requires a triple of API keys: X-AUTH-IDENT
, X-AUTH-DOMAIN
and X-AUTH-SECRET
I tried to define this triple using swagger-core annotations this way:
@OpenAPIDefinition(
info = Info(
title = "My API",
version = "2",
),
security = [
SecurityRequirement(name = "apiIdent"),
SecurityRequirement(name = "apiSecret"),
SecurityRequirement(name = "apiDomain")
]
)
@SecuritySchemes(
SecurityScheme(name = "apiIdent", paramName = "X-AUTH-IDENT",
type = SecuritySchemeType.APIKEY, `in` = SecuritySchemeIn.HEADER),
SecurityScheme(name = "appSecret", paramName = "X-AUTH-SECRET",
type = SecuritySchemeType.APIKEY, `in` = SecuritySchemeIn.HEADER),
SecurityScheme(name = "appDomain", paramName = "X-AUTH-DOMAIN",
type = SecuritySchemeType.APIKEY, `in` = SecuritySchemeIn.HEADER),
)
gradle resolve
generates the following JSON formatted API description:
{
"openapi": "3.0.1",
"info": {
"title": "My API",
"version": "2"
},
"security": [
{
"apiIdent": []
},
{
"apiSecret": []
},
{
"apiDomain": []
}
],
"paths": { ... },
"components": {
"schemas": { ... },
"securitySchemes": {
"appDomain": {
"type": "apiKey",
"name": "X-AUTH-DOMAIN",
"in": "header"
},
"appSecret": {
"type": "apiKey",
"name": "X-AUTH-SECRET",
"in": "header"
},
"apiIdent": {
"type": "apiKey",
"name": "X-AUTH-IDENT",
"in": "header"
}
}
}
}
Unfortunately, in swagger-ui only the X-AUTH-IDENT header is sent.
Is there something wrong in my OpenAPI definitions?
Thanks!
Also alternatively I tried to define the security in an openapi.yml
file instead of using annotations, file referenced in the gradle build:
tasks.resolve {
// ...
openApiFile = layout.projectDirectory.file("src/resources/openapi.yml").asFile
}
openapi.yml:
# This file is merged with the resolved specification by the swagger gradle plugin
# See task resolve
openapi: 3.0.0
info:
title: My API
version: 2
components:
securitySchemes:
apiIdent:
type: apiKey
in: header
name: X-AUTH-IDENT
appSecret:
type: apiKey
in: header
name: X-AUTH-SECRET
appDomain:
type: apiKey
in: header
name: X-AUTH-DOMAIN
security:
- apiIdent: []
appSecret: []
appDomain: []
But in the output JSON there is no security at root level.
Thanks!