Ask a Question

How to specify OR logic for scopes in security oauth2

Quam
New Contributor

How to specify OR logic for scopes in security oauth2

Hello,

I have to implements a case of authentication that would accept oneOf provided scopes: OAUTH2 [scope1 OR scope2].

I've try different configurations whithout success, logic AND is always taken in consideration.

  • security:
    - check: [scope1]
    - check: [scope2]
    components
    :
    securitySchemes:
    check:
    type: oauth2
    security:
    - check: [scope1]
    - check2: [scope2]
    components
    :
    securitySchemes:
    check:
    type: oauth2
    check2:
    type: oauth2

Any advise?

Many thanks

 

3 REPLIES 3
HKosova
Moderator

Re: How to specify OR logic for scopes in security oauth2

Hi @Quam,

Your first example is the correct way to represent "scope1 OR scope2".

What do you mean by "logic AND is always taken in consideration"?


Helen Kosova
SmartBear Documentation Team Lead
________________________
Did my reply answer your question? Give Kudos or Accept it as a Solution to help others. ⬇️⬇️⬇️
Quam
New Contributor

Re: How to specify OR logic for scopes in security oauth2

Thanks for replying @HKosova 

Looks like with that implementation, the only way to be authorized is to provide a token with both scopes Scope1, Scope2.

Unless I'm always getting 403

HKosova
Moderator

Re: How to specify OR logic for scopes in security oauth2

This sounds like an issue with your server-side framework or OAuth library - maybe it doesn't support OpenAPI OR logic. Check the documentation on your framework/library, and if you don't find an answers there, file a ticket with them for further support.


Helen Kosova
SmartBear Documentation Team Lead
________________________
Did my reply answer your question? Give Kudos or Accept it as a Solution to help others. ⬇️⬇️⬇️
cancel
Showing results for 
Search instead for 
Did you mean: