Swagger 2.0 apiKey authentication and scopes

New Member

Hi community,

 

I use this security definition in our project:

 

securityDefinitions:
  JwtBearerAuth:
    type: apiKey
    name: Authorization
    in: header
    x-apikeyInfoFunc: "services.token_service.verifyToken"
 
with the following endpoint:
 
paths:
  /secret:
    get:
      security:
        - JwtBearerAuth: []
      operationId: "rest.user.secret"
      tags:
        - "User"
      summary: "Testpage for authentication"
      description: "Should only be accessible with a valid JWT token in the 'authorization' header"
      responses:
        '200':
          description: "OK"
        '401':
          description: "No or an invalid token was provided"
 
and I wanted to ask what the best way is to achieve a form of role management. For example, I want to add the role information in my endpoint, like roles: ["admin"]. Is this possible with this configuration?
 
Best Regards
 
1 REPLY 1
Moderator

Hi @Herry,

 

The next version of the spec, OpenAPI 3.1 (which is in the RC stage now), will support defining roles for operations secured with API keys:

paths:
  /secret:
    get:
      security:
        - JwtBearerAuth: [admin]   # <-----

 

In OpenAPI 2.0 and 3.0, you can mention these roles in the operation descriptions.


Helen Kosova
SmartBear Documentation Team Lead
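
An added example, not part of the original thread and not SmartBear or project code: one way to resolve and enforce an operation's required roles, reading the `JwtBearerAuth` list only in OpenAPI 3.1 and falling back to a vendor extension in 2.0/3.0. The extension name `x-required-roles`, the `roles` claim in the verified token, and both sample specs are assumptions made for illustration.

```python
# Added example: resolve the roles an operation requires and enforce them.
# "x-required-roles" is a hypothetical vendor extension, not a spec keyword.

def supports_role_lists(spec):
    """True only for OpenAPI 3.1+, where non-OAuth2 requirements may list roles."""
    parts = str(spec.get("openapi", "")).split(".")
    return (len(parts) >= 2 and parts[0] == "3"
            and parts[1].isdigit() and int(parts[1]) >= 1)

def required_roles(spec, path, method, scheme="JwtBearerAuth"):
    """Return the set of roles one operation requires, or raise ValueError."""
    op = spec["paths"][path][method.lower()]
    # Operation-level security overrides the global default when present.
    security = op.get("security", spec.get("security", []))
    listed, secured = set(), False
    for requirement in security:
        if scheme in requirement:
            secured = True
            listed.update(requirement[scheme])
    if not secured:
        raise ValueError(f"{method.upper()} {path} is not secured by {scheme}")
    if supports_role_lists(spec):
        return listed
    if listed:
        # In 2.0 and 3.0 this list must stay empty for apiKey schemes.
        raise ValueError(f"{method.upper()} {path}: role list needs OpenAPI 3.1")
    return set(op.get("x-required-roles", []))

def is_authorized(token_info, roles):
    """Deny unless a verified token carries every required role.

    token_info is assumed to be the dict returned by the token verification
    function (None or empty when verification failed).
    """
    granted = set(token_info.get("roles", [])) if token_info else set()
    return bool(token_info) and roles <= granted

SWAGGER_2 = {  # constructed sample mirroring the question's /secret endpoint
    "swagger": "2.0",
    "paths": {"/secret": {"get": {
        "security": [{"JwtBearerAuth": []}],
        "x-required-roles": ["admin"],
    }}},
}
OPENAPI_31 = {  # constructed sample using the 3.1 form shown in the reply
    "openapi": "3.1.0",
    "paths": {"/secret": {"get": {"security": [{"JwtBearerAuth": ["admin"]}]}}},
}
```

The check fails closed: a missing or empty token, or an operation that is not secured by the scheme at all, never yields an allow decision.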