php-openapi icon indicating copy to clipboard operation
php-openapi copied to clipboard
verified publisher icon cebe

How to use Security and SecurityRequirement

Open nadar opened this issue 5 years ago • 1 comments

I am not sure how to use Security in combination with SecurityRequirements.

The Security Schema defined:

new OpenApi([
    'components' => new Components([
            'securitySchemes' => [
                'BearerAuth' => new SecurityScheme([
                    'type' => 'http',
                    'scheme' => 'bearer',
                    'bearerFormat' => 'AuthToken and JWT Format' # optional, arbitrary value for documentation purposes
                ])
            ],
   ]),
]);

Now the security schema is created (components).

How do i assign this security schema for an specific operation?

return new PathItem([
    'get' => new Operation([
        'security' => [new SecurityRequirement(['BearerAuth'])],
    ])
]);

Thanks for the great library and maybe it clarifies this task also for others.

nadar avatar Jul 28 '20 08:07 nadar

I have never used Security and SecurityRequirement definitions before, but according to this documentation (https://swagger.io/docs/specification/authentication/) it seems it needs to look like this in YAML:

    get:
      security:
        - BearerAuth: []
#...
      summary: Gets the account billing info
      responses:
        '200':
          description: OK

So the correct way to create such a spec from PHP code would be:

return new PathItem([
    'get' => new Operation([
        'security' => [new SecurityRequirement(['BearerAuth' => []])],
        // ...
    ])
]);

I have not tried it, but this should work as far as I see. I also see there is room for improvement on the class API here, so even if this answers your question, please keep the issue open.

cebe avatar Jul 29 '20 19:07 cebe