Cannot define API Key triple at root level #4652

Open
jobayle opened this issue Apr 9, 2024 · 0 comments
jobayle commented Apr 9, 2024

Dears,
I'm not sure whether this is a bug or a misunderstanding on my part...


env:
Gradle + Kotlin + swagger-core jax-rs

version:
swagger-core 2.2.21


In my use case, auth requires a triple of API keys: X-AUTH-IDENT, X-AUTH-DOMAIN and X-AUTH-SECRET

I tried to define this triple using swagger-core annotations this way:

@OpenAPIDefinition(
    info = Info(
        title = "My API",
        version = "2",
    ),
    security = [
        SecurityRequirement(name = "apiIdent"),
        SecurityRequirement(name = "apiSecret"),
        SecurityRequirement(name = "apiDomain")
    ]
)
@SecuritySchemes(
    SecurityScheme(name = "apiIdent", paramName = "X-AUTH-IDENT",
        type = SecuritySchemeType.APIKEY, `in` = SecuritySchemeIn.HEADER),
    SecurityScheme(name = "appSecret", paramName = "X-AUTH-SECRET",
        type = SecuritySchemeType.APIKEY, `in` = SecuritySchemeIn.HEADER),
    SecurityScheme(name = "appDomain", paramName = "X-AUTH-DOMAIN",
        type = SecuritySchemeType.APIKEY, `in` = SecuritySchemeIn.HEADER),
)

gradle resolve generates the following JSON-formatted API description:

{
  "openapi": "3.0.1",
  "info": {
    "title": "My API",
    "version": "2"
  },
  "security": [
    {
      "apiIdent": []
    },
    {
      "apiSecret": []
    },
    {
      "apiDomain": []
    }
  ],
  "paths": { ... },
  "components": {
    "schemas": { ... },
    "securitySchemes": {
      "appDomain": {
        "type": "apiKey",
        "name": "X-AUTH-DOMAIN",
        "in": "header"
      },
      "appSecret": {
        "type": "apiKey",
        "name": "X-AUTH-SECRET",
        "in": "header"
      },
      "apiIdent": {
        "type": "apiKey",
        "name": "X-AUTH-IDENT",
        "in": "header"
      }
    }
  }
}

Unfortunately, in swagger-ui only the X-AUTH-IDENT header is sent.

Is there something wrong in my OpenAPI definitions?

Thanks!


Alternatively, I also tried to define the security in an openapi.yml file instead of using annotations, with the file referenced in the gradle build:

tasks.resolve {
    // ...
    openApiFile = layout.projectDirectory.file("src/resources/openapi.yml").asFile
}

openapi.yml:

# This file is merged with the resolved specification by the swagger gradle plugin
# See task resolve
openapi: 3.0.0
info:
  title: My API
  version: 2

components:
  securitySchemes:
    apiIdent:
      type: apiKey
      in: header
      name: X-AUTH-IDENT
    appSecret:
      type: apiKey
      in: header
      name: X-AUTH-SECRET
    appDomain:
      type: apiKey
      in: header
      name: X-AUTH-DOMAIN

security:
  - apiIdent: []
    appSecret: []
    appDomain: []

But in the output JSON there is no security at root level.

Thanks!
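
An added example, not part of the original issue and not swagger-core code: a Python check over the security parts of the generated JSON above. It reports root `security` names that have no entry in `components.securitySchemes`, and lists the header set each root entry demands under OpenAPI 3.0 semantics (list entries are alternatives, schemes inside one entry are all required). The function names and the trimmed sample document are assumptions made for this example.

```python
import json

# Constructed sample: the "security" and "securitySchemes" parts of the JSON
# shown in the issue (paths and schemas omitted).
GENERATED = json.loads("""{
  "security": [{"apiIdent": []}, {"apiSecret": []}, {"apiDomain": []}],
  "components": {"securitySchemes": {
    "appDomain": {"type": "apiKey", "name": "X-AUTH-DOMAIN", "in": "header"},
    "appSecret": {"type": "apiKey", "name": "X-AUTH-SECRET", "in": "header"},
    "apiIdent":  {"type": "apiKey", "name": "X-AUTH-IDENT",  "in": "header"}
  }}
}""")


def undefined_requirements(doc):
    """Names used in root `security` that have no securitySchemes entry."""
    schemes = doc.get("components", {}).get("securitySchemes", {})
    used = {name for req in doc.get("security", []) for name in req}
    return sorted(used - set(schemes))


def accepted_header_sets(doc):
    """Header names demanded by each root `security` entry.

    OpenAPI 3.0: entries of the list are alternatives (OR); the schemes
    named inside a single entry must all be satisfied together (AND).
    """
    schemes = doc.get("components", {}).get("securitySchemes", {})
    result = []
    for req in doc.get("security", []):
        # Undefined names are skipped, so an entry that only references
        # unknown schemes contributes an empty header list.
        result.append(sorted(
            schemes[n]["name"] for n in req
            if n in schemes and schemes[n].get("type") == "apiKey"
            and schemes[n].get("in") == "header"
        ))
    return result


def as_single_requirement(doc):
    """Copy of doc whose root security is ONE entry naming every scheme."""
    schemes = doc.get("components", {}).get("securitySchemes", {})
    return {**doc, "security": [{name: [] for name in schemes}]}


if __name__ == "__main__":
    print(undefined_requirements(GENERATED))
    print(accepted_header_sets(GENERATED))
    print(accepted_header_sets(as_single_requirement(GENERATED)))
```

The single-entry form produced by `as_single_requirement` has the same shape as the `security` block in the openapi.yml shown above.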
