Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow URI-references for Security Requirements (3.2.0) #3821

Closed
wants to merge 1 commit into from
Closed

Allow URI-references for Security Requirements (3.2.0) #3821

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 4 additions & 2 deletions versions/3.2.0.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3558,7 +3558,9 @@ flows:
#### <a name="securityRequirementObject"></a>Security Requirement Object

Lists the required security schemes to execute this operation.
The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject).
The name used for each property MUST either correspond to a security scheme declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject), or be the URI of a Security Scheme Object.
Property names that match the syntax of a component name under the Components Object MUST be treated as a component name.
ralfhandl marked this conversation as resolved.
Show resolved Hide resolved
To reference a Security Scheme with a single-segment relative URI reference (e.g. `foo`), use the `.` path segment (e.g. `./foo`).

Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized.
This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.
Expand All @@ -3569,7 +3571,7 @@ When a list of Security Requirement Objects is defined on the [OpenAPI Object](#

Field Pattern | Type | Description
---|:---:|---
<a name="securityRequirementsName"></a>{name} | [`string`] | Each name MUST correspond to a security scheme which is declared in the [Security Schemes](#componentsSecuritySchemes) under the [Components Object](#componentsObject). If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MAY contain a list of role names which are required for the execution, but are not otherwise defined or exchanged in-band.
<a name="securityRequirementsName"></a>{name} | [`string`] | Each name MUST correspond to a security scheme name or be a URI, as described above. If the security scheme is of type `"oauth2"` or `"openIdConnect"`, then the value is a list of scope names required for the execution, and the list MAY be empty if authorization does not require a specified scope. For other security scheme types, the array MAY contain a list of role names which are required for the execution, but are not otherwise defined or exchanged in-band.

##### Security Requirement Object Examples

Expand Down