Quam
New Contributor
3 years ago

How to specify OR logic for scopes in security oauth2

Hello,

I have to implement a case of authentication that would accept one of the provided scopes: OAUTH2 [scope1 OR scope2].

I've tried different configurations without success, logic AND is always taken in consideration.

    security:
      - check: [scope1]
      - check: [scope2]
    components:
      securitySchemes:
        check:
          type: oauth2

    security:
      - check: [scope1]
      - check2: [scope2]
    components:
      securitySchemes:
        check:
          type: oauth2
        check2:
          type: oauth2

Any advice?

Many thanks

 

3 Replies

  • HKosova
    SmartBear Alumni (Retired)

    Hi Quam,

    Your first example is the correct way to represent "scope1 OR scope2".

    What do you mean by "logic AND is always taken in consideration"?

    • Quam
      New Contributor

      Thanks for replying HKosova 

      Looks like with that implementation, the only way to be authorized is to provide a token with both scopes Scope1, Scope2.

      Unless I'm always getting 403

      • HKosova
        SmartBear Alumni (Retired)

        This sounds like an issue with your server-side framework or OAuth library - maybe it doesn't support OpenAPI OR logic. Check the documentation on your framework/library, and if you don't find an answer there, file a ticket with them for further support.
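
The OR semantics discussed in this thread, as an added example that is not part of the original posts or of any framework's code: in an OpenAPI `security` list the entries are alternatives (OR), while the schemes inside one entry and the scopes listed for one scheme must all be satisfied (AND). The function names, the `granted` mapping and the sample tokens are assumptions constructed for illustration; the resulting decision table can be compared against what a server-side library actually returns.

```python
# Reference evaluator for OpenAPI `security` requirements (illustrative, not a library API).

def requirement_satisfied(requirement, granted):
    """One Security Requirement Object: every scheme in it must be satisfied,
    and every scope listed for a scheme must be present (AND within the object)."""
    for scheme, scopes in requirement.items():
        if scheme not in granted:
            return False
        if not set(scopes) <= granted[scheme]:
            return False
    return True


def authorized(security, granted):
    """The `security` list: one satisfied requirement object is enough (OR).
    An empty list means no security requirement applies."""
    if not security:
        return True
    return any(requirement_satisfied(req, granted) for req in security)


# First configuration from the question: scope1 OR scope2.
OR_LOGIC = [{"check": ["scope1"]}, {"check": ["scope2"]}]
# A single entry listing both scopes: scope1 AND scope2.
AND_LOGIC = [{"check": ["scope1", "scope2"]}]

# Constructed sample tokens: scopes granted per security scheme name.
SAMPLE_TOKENS = {
    "only scope1": {"check": {"scope1"}},
    "only scope2": {"check": {"scope2"}},
    "both scopes": {"check": {"scope1", "scope2"}},
    "unrelated scope": {"check": {"scope3"}},
}


def decision_table(security):
    """Expected allow/deny decision for each sample token under `security`."""
    return {name: authorized(security, granted)
            for name, granted in SAMPLE_TOKENS.items()}


if __name__ == "__main__":
    for label, sec in (("OR", OR_LOGIC), ("AND", AND_LOGIC)):
        for name, allowed in decision_table(sec).items():
            print(f"{label:3} {name:16} -> {'allow' if allowed else '403'}")
```

A server that rejects the "only scope1" token under the first configuration is producing the AND table rather than the OR table.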