gantiplex
New Contributor
Joined 4 years ago
User Profile
User Widgets
Contributions
Confused about defining the spec for auth
Preface: Unsure of the board this question needs to be posted on . . . there is no OAS specific one. - If were to have a single endpoint for authentication, I would define like so at the global level: components: securitySchemes: OAuth: type: oauth2 description: OAuth2 authentication scheme based on JWT flows: implicit: authorizationUrl: /namespace/auth scopes: machine: Grants access to namespace for machine operations user: Grant access to namespace for a given client's user operations reseller: Grant access to namespace for reseller operations suppport: Grant access to namespace for support operations developer: Grant access to namespace for developer operations admin: Grant access to namespace for admin operations superadmin: Grant access to namespace for superadmin operations - But for project specific reasons, I have split the authentication pipeline into the following: namespace/auth/machine namespace/auth/user - Confusion is about where to define the security schemes (docs say global components/securitySchemes) and the authorizationUrl