Contributions
Can securitySchemes be defined in a domain?
I'm trying to use domain specs (OAS3) to define standard, reusable components that can be used in multiple APIs. I'm getting errors when I try to use a $ref: to add a securityScheme that was defined in a domain to the security property of an API. It works fine if the components.securitySchemes are defined directly within the API spec itself. I've done some searching and I can't find any documentation or examples showing how to make this work, but I also haven't found anyplace where it says this can or can't be done. To illustrate: In my domain spec (Example-Domain/1.0.2) I have the following: securitySchemes: bearerToken: type: http scheme: bearer bearerFormat: JWT In my API spec I have this: security: - $ref: 'https://api.swaggerhub.com/domains/myOrg/Example-Domain/1.0.2#/components/securitySchemes/bearerToken' The following error are returned for the line containing the $ref: should be an array Security requirements must match a security definition If I put the same security scheme definition into the API spec itself and modify the security section as follows, it works fine. security: - bearerToken: [] Am I doing something wrong? Thanks!Solved2.1KViews0likes1Comment