How to specify OR logic for scopes in security oauth2

Question

Hello,I have to implements a case of authentication that would accept oneOf provided scopes: OAUTH2 [scope1 OR scope2].I've try different configurations whithout success, logic AND is always taken in consideration.security:  - check: [scope1]  - check: [scope2]components:  securitySchemes:    check:      type: oauth2security:  - check: [scope1]  - check2: [scope2]components:  securitySchemes:    check:      type: oauth2    check2:      type: oauth2Any advise?Many thanks&nbsp;

hkosova · Answer

Hi&nbsp;Quam,
Your first example is the correct way to represent "scope1 OR scope2".
What do you mean by "logic AND is always taken in consideration"?

quam · Answer

Thanks for replying&nbsp;HKosova&nbsp;Looks like with that implementation, the only way to be authorized is to provide a token with both scopes Scope1, Scope2.Unless I'm always getting 403

hkosova · Answer

This sounds like an issue with your server-side framework or OAuth library - maybe it doesn't support OpenAPI OR logic. Check the documentation on your framework/library, and if you don't find an answers there, file a ticket with them for further support.

Forum Discussion

How to specify OR logic for scopes in security oauth2

Related Content

log4j security vulnerability

User scope in TestComplete

Scope of Data-Driven Loop Table Variable

[Solved] SSL Handshake exception calling a secure webservice

Improvement suggestions for property scoping

Recent Discussions

3.1.0 Editor exports inlined?

Error exporting Standardization rules

Import API using API endpoint with Authorization

Having issue with 'should NOT have additional properties additionalProperty: responses'

Error 400 - Bad Request