Apicurio-studio: Security Schemes: None and another one (Apikey, Bearer...) at the same time

Created on 27 Oct 2018  ·  9 Comments  ·  Source: Apicurio/apicurio-studio

Hello
Is there a way to allow, on the same operation (GET, POST, etc.), no security AND another security scheme?
I tried to add a 'none' security scheme, but Apicurio Studio said:

"Property "type" is required.
Every Security Scheme must include a type, which indicates what kind of security is required (e.g. HTTP, API Key, etc)."

(or is there an option to disable the issue?)

Thanks for your help

bug

All 9 comments

I'll have to look into the OpenAPI spec to see if there's a way to express what you've described. I'm honestly not sure off the top of my head.

As for the disabling of the validation issue - there is currently no feature implemented to suppress the validation problems. However, the intent has always been to be able to do that. So I'll bump the priority on that feature.

I should add that the implementation of the validation logic was designed, from the beginning, to support the enabling/disabling of individual rules. The only thing missing is support for that in the UI. :)

OK @elaugier - after doing a bit of research on this, the OpenAPI spec does indeed support this use-case, but Apicurio doesn't really. If you're interested in the details of the spec, here are a couple of references:

https://github.com/OAI/OpenAPI-Specification/issues/14#issuecomment-297457320
https://github.com/OAI/OpenAPI-Specification/issues/1684

So I'm classifying this as an Apicurio bug and will think about the appropriate way to support this use-case in the UI.

Thanks for bringing it to my attention.

Note to future implementors (i.e. me): "anonymous" auth can be expressed in the OpenAPI spec by including an empty security requirement. Like this (for example):

security: [
  {},
  {"oauth": […]}
]

This would indicate that OAuth is an option, but that "no authentication" is also an option. Typically in this use-case, the results returned by the API differ if the call is made with authentication vs. anonymously.
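An added example, not part of the thread or of Apicurio's code: a small Python audit that applies the rule from the comment above (an empty `{}` security requirement makes authentication optional) to list which operations an anonymous caller can reach. It goes slightly beyond the case shown by also handling an absent or empty `security` array and the operation-over-global precedence defined by the OpenAPI spec; the sample document, its paths and the scope name are constructed.

```python
import json

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

# Constructed sample document (not from the thread); paths and scopes are made up.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.2",
  "security": [{"oauth": ["read"]}],
  "paths": {
    "/items": {
      "get":  {"security": [{}, {"oauth": ["read"]}]},
      "post": {}
    },
    "/health": {"get": {"security": []}}
  }
}
""")

def classify(requirements):
    """Classify an effective `security` array as none / optional / required."""
    reqs = requirements or []
    if not any(reqs):                  # absent, [], or only {} entries
        return "none"
    if any(r == {} for r in reqs):     # {} is satisfied by an anonymous caller
        return "optional"
    return "required"

def audit(spec):
    """Map (METHOD, path) to its classification."""
    global_sec = spec.get("security")
    report = {}
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = item.get(method)
            if op is None:
                continue
            # An operation-level `security` key, even [], replaces the top-level one.
            effective = op["security"] if "security" in op else global_sec
            report[(method.upper(), path)] = classify(effective)
    return report

def anonymous_reachable(spec):
    """Operations that do not strictly require credentials."""
    return sorted(k for k, v in audit(spec).items() if v != "required")

if __name__ == "__main__":
    for (method, path), level in sorted(audit(SAMPLE_SPEC).items()):
        print(f"{method:6} {path:10} auth={level}")
```

Operations reported as `optional` are the ones to review for differences between the authenticated and anonymous responses.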

Good news! Glad to have been able to make my very small contribution on this project. I am just starting to use it and it seems to me particularly well done. It really allows you to go faster to specify an API. Thank you for that. If I find something else (bug or suggestion), I will not hesitate to let you know... Thank you for answering my question.

Yes please do - the best way to make projects like this better is feedback from users!

Working on UI support for this now. Turns out that the data model and validation layers already work just fine. It's just a UI enhancement. Should be done tomorrow. :)

By the way @elaugier - this is now live on https://studio.apicur.io/ - feedback welcome. :)

Works fine! Thank you!
