http-spec icon indicating copy to clipboard operation
http-spec copied to clipboard

Published 20 hours ago verified publisher icon stoplightio

Add bearer security scope support

Open defunctzombie opened this issue 2 years ago • 1 comments

With openapi 3.1.0 the spec now allows for specifying scopes for bearer auth. This is useful for APIs which accept API keys in headers (with bearer auth) and the user can configure the key to have certain permissions. A good example of this is cloud providers and roles attached to the api key.

What would be the correct way to introduce this concept to the types and transformations provided in this library. The ultimate goal is to update elements to display these required scopes/roles for specific http routes. The display is similar to how oauth scopes are displayed except these are for API keys.

it('should support bearer scopes', () => {
    const document: Partial<OpenAPIObject> = {
      openapi: '3.1.0',
      components: {
        schemas: {},
        securitySchemes: {
          'API Key': {
            type: 'http',
            scheme: 'bearer',
          },
        },
      },
      security: [{ 'API Key': ['read'] }],
    };

Right now the transformed object does not include these scopes and elements is not able to display them because they don't exist in the transformed object.

defunctzombie avatar Dec 02 '22 02:12 defunctzombie