[OpenAPI] SecurityRequirement case class produces invalid open api json #3058

kdelija · 2024-08-27T14:16:51Z

Describe the bug
When generating OpenApi json. SecurityRequirement adds securitySchemes object that is not a part of OpenApi 3.1.0 specification. For this reason, Swagger Ui is ignoring the security object and it is not forwarding the header/apiKey that is defined to the backend.

To Reproduce
Steps to reproduce the behaviour:
Go to OpenAPISpec test. In the expected result you see security defined as

  "security" : [
    {
      "securitySchemes" : {
        "apiKeyAuth" : []
      }
    }
  ]

Expected behaviour
The test is passing because this is not a valid OpenApi 3.1.0 json. If you read the speficifation you will see that securitySchemes is redundant and the test should look like this:

  "security" : [
    {
      "apiKeyAuth" : []
    }
  ]

The text was updated successfully, but these errors were encountered:

…hemes field when generating open api json

kdelija added the bug Something isn't working label Aug 27, 2024

kdelija added a commit to kdelija/zio-http that referenced this issue Aug 28, 2024

Fixed zio#3058 - added securityRequirementSchema to ignore securitySc…

e42d943

…hemes field when generating open api json

jdegoes closed this as completed in 48c6a64 Aug 28, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[OpenAPI] SecurityRequirement case class produces invalid open api json #3058

[OpenAPI] SecurityRequirement case class produces invalid open api json #3058

kdelija commented Aug 27, 2024

[OpenAPI] SecurityRequirement case class produces invalid open api json #3058

[OpenAPI] SecurityRequirement case class produces invalid open api json #3058

Comments

kdelija commented Aug 27, 2024