swagger-codegen icon indicating copy to clipboard operation
swagger-codegen copied to clipboard
verified publisher icon swagger-api

The scopes from security declaration of an operation are ignored

Open msevcenko opened this issue 1 year ago • 0 comments

Discussed in https://github.com/swagger-api/swagger-codegen/discussions/12428

In the following settings of an operation:

      security:
        - petstore_auth:
            - write:pets
            - read:pets

it seems that only scheme name is retrieved, and the actual list of scopes is ignored, i.e. all scopes are used for operation. The following code is then generated

    @GET
    @Path("/findByStatus")
    @Produces({ "application/json", "application/xml" })
    @Operation(summary = "Finds Pets by status", description = "Multiple status values can be provided with comma separated strings", security = {
        @SecurityRequirement(name = "petstore_auth", scopes = {
            "write:pets",
"read:pets"        })    }, tags={ "pet" })

even if the list of scopes is reduced e.g. to

      security:
        - petstore_auth:
            - read:pets

Tested with swagger editor example and downloading code as jaxrs-jersey server code.

msevcenko avatar Jul 22 '24 14:07 msevcenko