You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
In OpenAPI Specification 3.0.x, the list of scope names of Security Requirement Object MUST be empty if the security scheme type is other than oauth2 or openIdConnect. But in 3.1.0, now it MAY contain role names which are required for the execution.
For other security scheme types, the array MAY contain a list of role names which are required for the execution, but are not otherwise defined or exchanged in-band.
For instance, if we have a operation definition like this:
I've tried custom templates first, but it does not work because the codegen model does not have scope values when security scheme type is other than oauth2 or openIdConnect. So we have to change the generator class to respect the scope values for all security scheme types.
Describe alternatives you've considered
Additional context
I've also made PR swagger-api/swagger-core#4550 to modify the documentation of @SecurityRequirement annotation class to allow the scopes field to have values for all security scheme types.
The text was updated successfully, but these errors were encountered:
Is your feature request related to a problem? Please describe.
In OpenAPI Specification 3.0.x, the list of scope names of Security Requirement Object MUST be empty if the security scheme type is other than
oauth2
oropenIdConnect
. But in 3.1.0, now it MAY contain role names which are required for the execution.For instance, if we have a operation definition like this:
We have the following generated code for each controller now:
But according to OAS 3.1.0, we can have the following generated code:
Describe the solution you'd like
I've tried custom templates first, but it does not work because the codegen model does not have scope values when security scheme type is other than
oauth2
oropenIdConnect
. So we have to change the generator class to respect the scope values for all security scheme types.Describe alternatives you've considered
Additional context
I've also made PR swagger-api/swagger-core#4550 to modify the documentation of
@SecurityRequirement
annotation class to allow the scopes field to have values for all security scheme types.The text was updated successfully, but these errors were encountered: