utoipa icon indicating copy to clipboard operation
utoipa copied to clipboard
verified publisher icon juhaku

Can't find a way to express that two API keys are required (AND)

Open willbuckner opened this issue 2 years ago • 1 comments

When defining security schemes, I can't find any way to express that multiple API keys are required, and they are not independent (see https://swagger.io/docs/specification/authentication/#multiple). My API has an AWS-style access-key-id and secret-access-key:

impl Modify for SecurityAddon {
    fn modify(&self, openapi: &mut utoipa::openapi::OpenApi) {
        let components = openapi.components.as_mut().unwrap();
        components.add_security_scheme(
            "access_key",
            SecurityScheme::ApiKey(ApiKey::Header(ApiKeyValue::new("api-access-key-id"))),
        );
        components.add_security_scheme(
            "secret_key",
            SecurityScheme::ApiKey(ApiKey::Header(ApiKeyValue::new("api-secret-access-key"))),
        );
    }
}

Used as this:

    security(("access_key" = []), ("secret_key" = []))

However the OpenAPI spec generates this:

  "security": [
    {
      "access_key": []
    },
    {
      "secret_key": []
    }
  ],

When I need it to generate this:

  "security": [
    {
      "access_key": []
      "secret_key": []
    }
  ],

If you see the linked Swagger doc above, OpenAPI absolutely supports this, but there seems to be no way to express it with Utoipa. If there is a way, and I'm missing it, we should add an example of this to examples/; if not, it needs to be supported :)

Thanks!

willbuckner avatar Aug 01 '23 22:08 willbuckner

Short answer is, this is not supported, and not implemented. :smile: Though this could be implemented in future. Also PRs are welcome.

juhaku avatar Aug 02 '23 19:08 juhaku

This is actually done here: #813

juhaku avatar May 14 '24 18:05 juhaku