OpenAPI and JSON-LD
Hello, Could you please tell me if OpenAPI supports the use of JSON-LD? I am using OpenAPI 3.0.1, and I am trying to include in the Schema some context information in order to add IRIs for objects/properties that are described in the Schema. If yes, are there any examples available? If not, do you know of any alternatives besides using x-<label>? Thank you very much for your help! Florina
How to get generate ZonedDateTime from OpenApi?
I am trying get `ZonedDateTime` in my generated code from OpenApi. There is a `If-Modified-Since` header that OpenApi generates on my endpoint but it's in the type of `LocalDateTime`. This is causing issues on my integration tests. task buildEndpointsFromYAML(type: org.openapitools.generator.gradle.plugin.tasks.GenerateTask) { generatorName = "spring" inputSpec = acquirerYML outputDir = "$buildDir/generated".toString() groupId = "$project.group" id = "$project.name-java-client" version = "$project.version" apiPackage = "com.abc.xyz.apiEndpoints" modelPackage = "com.abc.xyz.apiModels" enablePostProcessFile = true skipOverwrite = false typeMappings = [ OffsetDateTime: "ZonedDateTime" ] importMappings = [ "java.time.OffsetDateTime" : "java.time.ZonedDateTime" ] configOptions = [ configPackage : "com.abc.xyz.apiEndpoints.config", java11 : "true", dateLibrary : "java8-localdatetime", serializationLibrary: "jackson", library : "spring-boot", useBeanValidation : "true", interfaceOnly : "true", serializableModel : "true", useTags : "true" ] } I've tried to some of the suggestions here too: https://stackoverflow.com/questions/56237650/use-java-time-instant-to-represent-datetime-instead-of-offsetdatetime but either it resulted in compilation errors or the type would go from `LocalDateTime` to `Object` as opposed to `ZonedDAteTime`. This is part of the swagger.yaml: parameters: - name: If-Modified-Since in: header description: If-Modified-Since required: false type: string format: date-time Thanks for any guidance!
How to define a secret key / signature based security scheme?
Skimming the Swagger documentation for authentication / authorization schemes in OAS 3.0, I don't see a clear way to define my API as utilizing signature-based authentication. I have an API where all requests must be passed two properties: `api_key` (which uniquely defines the user) and `signature` (which is computed using the request path, query string, and a secret key). The server keeps a copy of their secret key and generates the same signature using the same process, then compares the two signatures. This way unlike API key auth (where the full authentication credentials are passed over the internet, hopefully secured by HTTPS) there is never enough information passed for a man-in-the-middle to trivially forge requests (other than replay attacks using the exact same request). I feel like signature-based authentication isn't so rare as to be excluded from the OpenAPI specification. AWS uses signature-based authentication for almost all of their services! Is there a way to define this as a security scheme? Or is this a missing feature from the spec?
