You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: versions/3.0.4.md
+5-2
Original file line number
Diff line number
Diff line change
@@ -3726,10 +3726,13 @@ flows:
3726
3726
Lists the required security schemes to execute this operation.
3727
3727
The name used for each property MUST correspond to a security scheme declared in the [Security Schemes](#security-scheme-object) under the [Components Object](#components-object).
3728
3728
3729
-
Security Requirement Objects that contain multiple schemes require that all schemes MUST be satisfied for a request to be authorized.
3729
+
A Security Requirement Object MAY refer to multiple security schemes in which case all schemes MUST be satisfied for a request to be authorized.
3730
3730
This enables support for scenarios where multiple query parameters or HTTP headers are required to convey security information.
3731
3731
3732
-
When a list of Security Requirement Objects is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object), only one of the Security Requirement Objects in the list needs to be satisfied to authorize the request.
3732
+
When the `security` field is defined on the [OpenAPI Object](#openapi-object) or [Operation Object](#operation-object) and contains multiple Security Requirement Objects, only one of the entries in the list needs to be satisfied to authorize the request.
3733
+
This enables support for scenarios where the API allows multiple, independent security schemes.
3734
+
3735
+
An empty Security Requirement Object (`{}`) indicates anonymous access is supported.
0 commit comments