Can securitySchemes be defined in a domain?
I'm trying to use domain specs (OAS3) to define standard, reusable components that can be used in multiple APIs. I'm getting errors when I try to use a $ref: to add a securityScheme that was defined in a domain to the security property of an API. It works fine if the components.securitySchemes are defined directly within the API spec itself. I've done some searching and I can't find any documentation or examples showing how to make this work, but I also haven't found anyplace where it says this can or can't be done. To illustrate:
In my domain spec (Example-Domain/1.0.2) I have the following:
    securitySchemes:
      bearerToken:
        type: http
        scheme: bearer
        bearerFormat: JWT
In my API spec I have this:
    security:
      - $ref: 'https://api.swaggerhub.com/domains/myOrg/Example-Domain/1.0.2#/components/securitySchemes/bearerToken'
The following errors are returned for the line containing the $ref:
- should be an array
- Security requirements must match a security definition
If I put the same security scheme definition into the API spec itself and modify the security section as follows, it works fine.
    security:
      - bearerToken: []
Am I doing something wrong?
Thanks!
Hi MOverholt-AFI,
Currently, domains cannot contain security schemes:
Note: The OpenAPI 3.0 components section can contain securitySchemes, however, domains cannot contain them.
There's a feature request in our internal tracker to support this in the future, and I've added your vote to it.
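Added example, not part of the original thread and not SwaggerHub's validator: a minimal check of an OpenAPI 3.0 `security` list, where each entry maps a scheme name declared under components.securitySchemes to an array of scopes. Run on the two forms from the question (constructed here as already-parsed dicts), it yields the same two messages for the `$ref` entry; the function name `check_security` is hypothetical.

```python
# Added example: checks OpenAPI 3.0 `security` entries against components.securitySchemes.
# The specs below are constructed from the snippets in the question, written as
# already-parsed YAML (plain dicts), so no YAML library is needed.

def check_security(spec):
    """Return a list of (location, message) problems for the top-level `security` list."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    problems = []
    for i, requirement in enumerate(spec.get("security", [])):
        if not isinstance(requirement, dict):
            problems.append((f"security[{i}]", "should be an object"))
            continue
        for name, scopes in requirement.items():
            where = f"security[{i}].{name}"
            # Each key is a scheme *name*; its value is the list of required scopes.
            if not isinstance(scopes, list):
                problems.append((where, "should be an array"))
            # The name must be declared under components.securitySchemes.
            if name not in schemes:
                problems.append(
                    (where, "Security requirements must match a security definition"))
    return problems

BEARER = {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}

# Failing form from the question: `$ref` is read as a scheme name with a string value.
spec_with_ref = {
    "openapi": "3.0.0",
    "security": [{"$ref": "https://api.swaggerhub.com/domains/myOrg/Example-Domain/1.0.2"
                          "#/components/securitySchemes/bearerToken"}],
}

# Working form from the question: scheme defined in the API spec, referenced by name.
spec_inline = {
    "openapi": "3.0.0",
    "components": {"securitySchemes": {"bearerToken": BEARER}},
    "security": [{"bearerToken": []}],
}

if __name__ == "__main__":
    for label, spec in (("$ref form", spec_with_ref), ("inline form", spec_inline)):
        print(label, check_security(spec) or "OK")
```

A check like this in CI catches a `security` entry that names no declared scheme before the spec is published.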