
Feature: OAuth2 scope at operation level

Open arbs-io opened this issue 3 years ago • 0 comments

Many thanks for an amazing library. I would like to know if there is a way to scope oauth2 at operation level. The default behaviour seems to apply all scopes to each operation.

example

path:

        "security": [
          {
            "OAuth2": [
              "ApiStudio.Prototype.ApiName.ResourceCollection1.Read",
              "ApiStudio.Prototype.ApiName.ResourceCollection1.Write"
            ]
          }
        ]

securitySchemes

      "OAuth2": {
        "type": "oauth2",
        "flows": {
          "implicit": {
            "authorizationUrl": "http://api-studio.io/oauth2/token",
            "scopes": {
              "ApiStudio.Prototype.ApiName.ResourceCollection1.Read": "ApiStudio.Prototype.ApiName.ResourceCollection1.Read",
              "ApiStudio.Prototype.ApiName.ResourceCollection1.Write": "ApiStudio.Prototype.ApiName.ResourceCollection1.Write"
            }
          }
        }
      }

I would really appreciate the ability to apply the scope(s) that are actually used to protect the operation, not all. This is also useful for API gateways that parse the spec to extract which claim is used for security.

arbs-io, Feb 02 '22 22:02
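An added example, not part of the original issue or the extension's code: a Python reader that extracts per-operation OAuth2 scopes from an OpenAPI 3 document the way a spec-consuming gateway would, and lists operations whose requirement carries every scope the scheme defines. The `/resources` path, its methods and the function names are assumptions; the scope names and `authorizationUrl` are taken from the issue.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}
READ = "ApiStudio.Prototype.ApiName.ResourceCollection1.Read"
WRITE = "ApiStudio.Prototype.ApiName.ResourceCollection1.Write"

# Constructed sample spec: GET carries all scopes (the behaviour the issue
# describes), POST carries only the scope it needs (the behaviour requested).
SAMPLE_SPEC = {
    "paths": {"/resources": {
        "get": {"security": [{"OAuth2": [READ, WRITE]}]},
        "post": {"security": [{"OAuth2": [WRITE]}]},
    }},
    "components": {"securitySchemes": {"OAuth2": {
        "type": "oauth2",
        "flows": {"implicit": {
            "authorizationUrl": "http://api-studio.io/oauth2/token",
            "scopes": {READ: READ, WRITE: WRITE},
        }},
    }}},
}

def defined_scopes(spec):
    """Map each oauth2 scheme name to the scopes declared across its flows."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    return {
        name: {s for flow in scheme.get("flows", {}).values()
               for s in flow.get("scopes", {})}
        for name, scheme in schemes.items() if scheme.get("type") == "oauth2"
    }

def operation_scopes(spec):
    """Yield (method, path, scheme, scopes) for every security requirement."""
    top_level = spec.get("security", [])
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters", "summary", etc.
            # Operation-level "security" overrides the document-level default.
            for requirement in op.get("security", top_level):
                for scheme, scopes in requirement.items():
                    yield method.upper(), path, scheme, set(scopes)

def over_scoped(spec):
    """Operations listing every defined scope: candidates for review (heuristic)."""
    declared = defined_scopes(spec)
    return [(m, p) for m, p, scheme, scopes in operation_scopes(spec)
            if len(declared.get(scheme, ())) > 1 and scopes == declared[scheme]]
```

An operation may legitimately need every scope, so the output of `over_scoped` is a review list rather than a verdict.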