tornado-swagger
tornado-swagger copied to clipboard
mrk-andreev
Incorrect Handling of securityDefinitions for OpenAPI 3 in _builders.py
Issue: Incorrect Handling of securityDefinitions for OpenAPI 3 in _builders.py
Description:
I've identified an issue in the OpenApiDocBuilder class where the handling of securityDefinitions for OpenAPI 3 is not consistent with the OpenAPI 3 specification. For more details, refer to the Authentication and Authorization official documentation from Swagger.
Usage
security_definitions = {
"Bearer": {
"type": "apiKey",
"name": "Authorization",
"in": "header",
"description": "Enter your Bearer token in the format: Bearer <token>"
}
}
security = [{"Bearer": []}]
setup_swagger(url_specs,
swagger_url="/api/docs",
api_version="1.0",
title="My API Title",
description="My API description",
schemes=["http", "https"],
security_definitions=security_definitions,
security=security,
api_definition_version="openapi-3"
)
Current Behavior:
The "Authorize" option does not appear at the Swagger UI.
The code for _builders.py (line 256) currently sets the securityDefinitions directly under the main Swagger spec:
if security_definitions:
swagger_spec["securityDefinitions"] = security_definitions
Expected Behavior:
According to the OpenAPI 3 specification, the securityDefinitions should be nested inside the components section under the key securitySchemes.
The correct implementation should look like this:
if security_definitions:
swagger_spec["components"]["securitySchemes"] = security_definitions
After the proposed changes i was able to use the "Authorization" button in the Swagger UI and it works properly.
Thank you for the awesome repo!
