我在swagger中向端点添加了一个安全字段,但是swagger-ui(editor.swagger.io)将此端点呈现为与没有安全说明的端点完全相同:
这是我添加安全说明的方式:
openapi: 3.0.0
securitySchemes:
JWT:
name: Authorization
in: header
type: apiKey
description: JWT token
security:
- JWT: []
get:
security:
- JWT: [ manager ]
这是什么问题?
答案 0 :(得分:2)
在OpenAPI 3中,您可以将securitySchemes
定义为components
部分中的组件,然后将security
设置为API顶级或端点级别。
请参见以下示例
openapi: 3.0.3
info:
title: Your API
description: Your API description
version: 0.0.1
# This sets all paths with authentication
security:
- BearerAuth: []
paths:
/users:
post:
summary: Create a new user
operationId: createUser
security: [] # <-- disable auth for a specific path
tags:
- Users
requestBody:
...
responses:
...
# The security is inherited from API level
/users/me:
get:
summary: Get user information
operationId: getUser
tags:
- Users
requestBody:
...
responses:
...
components:
# Security
securitySchemes:
BearerAuth:
type: http
scheme: bearer
bearerFormat: JWT