OIDC auth and token endpoints to support environments like servers section does
Servers section allows for multiple URLs; however, OIDC only allows a single OIDC server
@mcrobbj – It's not entirely clear what you want to have happen here, could you please elaborate? (most of the maintainers are not security experts, so you'll need to explain your use case and any relevant standards of which we should be aware)
The security section assumes I have one IAM. I want to be able to have one per environment.
servers:
  - url: https://{environment}.api.server.test/v1
    variables:
      environment:
        default: api.sit # SIT server
        enum:
          - api.dev # Development server
          - api.sit # SIT server
          - api.uat # UAT server
          - api.ppe # PPE server
  - url: https://api.server.test/v1 # Production server
So something like this
securitySchemes:
  mutualTLS:
    description: Mutual TLS
    type: mutualTLS
    scheme: mutual
  oauthAuthCode:
    description: Auth Code
    type: oauth2
    flows:
      authorizationCode:
        authorizationUrl: 'https://{environment}.secure.server.test/authorization'
        tokenUrl: 'https://{environment}.secure.server.test/token'
        variables:
          environment:
            default: api.sit # SIT server
            enum:
              - dev # Development server
              - sit # SIT server
              - uat # UAT server
              - ppe # PPE server
        scopes:
          admin: Admin scope
          user: User scope
          media: Media scope
On Fri, 24 May 2024 at 19:25, Henry Andrews wrote:
> @mcrobbj – It's not entirely clear what you want to have happen here, could you please elaborate? (most of the maintainers are not security experts, so you'll need to explain your use case and any relevant standards of which we should be aware)
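One way to get per-environment identity-provider URLs with current tooling is to treat the proposed flow as a template and render a plain OAuth flow object for each environment before publishing, allowing only values from the `enum` into the URL. This is an added example, not code from the thread or the OpenAPI project; `resolve_flow`, `PROPOSED_FLOW` and the `sit` default are assumptions, and `variables` inside a flow is the syntax proposed above, not part of the OpenAPI specification.

```python
import copy
import re

# Constructed input mirroring the proposal in this thread. `variables` inside
# an OAuth flow is the proposed syntax, not part of the OpenAPI specification.
PROPOSED_FLOW = {
    "authorizationUrl": "https://{environment}.secure.server.test/authorization",
    "tokenUrl": "https://{environment}.secure.server.test/token",
    "variables": {
        # The "sit" default is an assumption made for this example.
        "environment": {"default": "sit", "enum": ["dev", "sit", "uat", "ppe"]},
    },
    "scopes": {"admin": "Admin scope", "user": "User scope", "media": "Media scope"},
}

PLACEHOLDER = re.compile(r"\{([A-Za-z0-9_]+)\}")


def resolve_flow(flow, chosen=None):
    """Return a flow object without `variables`, with URLs resolved for one environment."""
    chosen = chosen or {}
    values = {}
    for name, spec in flow.get("variables", {}).items():
        value = chosen.get(name, spec["default"])
        # Allowlist check: only enum values may reach the URL, so a supplied
        # value cannot change the host of the authorization or token endpoint.
        if value not in spec["enum"]:
            raise ValueError(f"{name}={value!r} is not an allowed value")
        values[name] = value

    def substitute(match):
        name = match.group(1)
        if name not in values:
            raise ValueError(f"undeclared variable {{{name}}}")
        return values[name]

    # Copy everything except the non-standard `variables` key.
    resolved = {k: copy.deepcopy(v) for k, v in flow.items() if k != "variables"}
    for key in ("authorizationUrl", "tokenUrl", "refreshUrl"):
        if key in resolved:
            resolved[key] = PLACEHOLDER.sub(substitute, resolved[key])
    return resolved
```
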