Security Scheme should be defined per API group and not globally.
robinmanuelthiel opened this issue
Robin-Manuel Thiel commented
`OpenApiEnvironment`'s `.WithApiGroup()` should define the Security Scheme, because each API group can have a different security scheme. See the example below. Technically, the internal group does not need `SecuritySchemeDefaults.JwtBearer`.
Before

```csharp
_options
    .AddOpenApi("v1")
    .WithApiGroup("public", "Public Space Blocks Core API", "This is the public API.")
    .WithApiGroup("internal", "Internal Space Blocks Core API", "This is the internal APIs", publish: false)
    .WithApiGroup("permissions", "Permissions Config API", "This is the Permissions Space Block Config APIs")
    .WithSecurityScheme(SecuritySchemeDefaults.JwtBearer);
```

After

```csharp
_options
    .AddOpenApi("v1")
    .WithApiGroup("public", "Public Space Blocks Core API", "This is the public API.", SecuritySchemeDefaults.JwtBearer)
    .WithApiGroup("internal", "Internal Space Blocks Core API", "This is the internal APIs", SecuritySchemeDefaults.None, publish: false)
    .WithApiGroup("permissions", "Permissions Config API", "This is the Permissions Space Block Config APIs", SecuritySchemeDefaults.JwtBearer);
```