openapi-diff icon indicating copy to clipboard operation
openapi-diff copied to clipboard

Published 20 hours ago verified publisher icon OpenAPITools

Removing a security scheme is considered incompatible

Open thake opened this issue 2 years ago • 1 comments

Removing a security scheme should IMHO not be considered incompatible, as the API should still accept requests with the old security scheme applied.

If this issue is accepted, I'm happy to provide a PR.

thake avatar Jan 28 '22 10:01 thake

@thake I disagree. When you remove a security scheme, then clients using this scheme won't be able to authenticate against your API.

as the API should still accept requests with the old security scheme applied.

In this case your API and your API specification do not match, do they?

Do you have another use case in mind? Maybe I misunderstood you.

joschi avatar Jan 29 '22 16:01 joschi