Optional scopes for required security scheme #431
Comments
|
@diogeneshamilton It looks like this issue hasn't been commented in a while. Is this still an issue? |
|
It looks to me like this is possible to document this type of behavior through multiple security scheme definitions, paired with multiple example responses, but unfortunately without it being more explicitly supported, there would not be a possibility of using tools like codegen to work with this type of security scheme. At this point, the better solution is probably not to build an API with this functionality, if you're planning on using OpenAPI 🥇 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
OAuth 2 doesn't have a restriction on scopes needing encompass a whole endpoint, so I'd like a way in Swagger to define an optional scope. For example, returning the user's email on the
/users/{user_id}endpoint allows an optionalaccess_emailscope. I could create new security schemes for each combination, but that's pretty cumbersome, especially with 5-10 possible scope combinations.The text was updated successfully, but these errors were encountered: