elements
elements copied to clipboard
stoplightio
Multiple values for authentication
Multiple Authentication parameters
As a web user, I'd like to do "Try It!" with authorization token and user ID, but it's not currently possible (I've checked even code of this project, and seems like this is not possibility, yet).
We are currently moving from using Postman to Stoplight. While moving, we got an issue, where we want to send Authorization: Bearer token and header X-ACCOUNT-ID: 123, as one user can have multiple accounts in our system.
Luckily, this is part of OpenAPI spec (multiple parameters by no leading dash between security parameters). However, this is not working in elements.
The ID is used as part of the authentication, so it's not really something we'd like to mark as parameter for each and every endpoint we have.
Example for this in OpenAPI
components:
securitySchemes:
jwtToken:
type: http
scheme: bearer
accountId:
type: apiKey
in: header
name: X-ACCOUNT-ID
security:
- jwtToken: []
accountId: [] # <-- no leading dash (-)
Having the same issue here!
This is a very common use case. Most apis require an ApiToken for any endpoint and a second BearerToken or similar for any auth endpoints.
Stoplight elements currently incorrectly interprets the OpenAPI specification regarding the security requirement objects.
Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized. This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.
Specifically a security like this:
security:
- apiKey: []
accessToken: []
must be interpreted as apiKey and accessToken while
security:
- apiKey: []
- accessToken: []
means apiKey or accessToken.
Currently both types are simply flattened into a single array of choices.
