You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: versions/3.1.1.md
+5-2
Original file line number
Diff line number
Diff line change
@@ -3986,10 +3986,13 @@ flows:
3986
3986
Lists the required security schemes to execute this operation.
3987
3987
The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object).
3988
3988
3989
-
Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized.
3989
+
A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized.
3990
3990
This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.
3991
3991
3992
-
When a list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request.
3992
+
When the `security` field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request.
3993
+
This enables support for scenarios where the API allows multiple, independent security schemes.
3994
+
3995
+
An empty Security Requirement Object (`{}`) indicates anonymous access is supported.
0 commit comments