search

Authress-Engineering / openapi-explorer

OpenAPI Web component to generate a UI from the spec.
Apache License 2.0
316 stars 42 forks source link

Hide security schema for endpoint when none is required #215

Closed splitbrain closed 10 months ago

splitbrain commented 10 months ago

Generally all my API endpoints are secured by JWT and BasicAuth (thanks for addressing #213 so quick). But for some select endpoints no authentication is required. As far as I understand this can be signaled by overriding the security field of that specific method:

"paths": {
        "\/core.getAPIVersion": {
            "post": {
                "security": [
                    {}
                ],
            ...
        }
}

The explorer seems not to properly recognize this, and shows a lock symbol with an empty authentication:

screenshot-localhost-2024 01 05-13_50_17

When using https://editor-next.swagger.io/ it is correctly shown with either a lock or no lock:

screenshot-editor-next swagger io-2024 01 05-13_52_16

wparad commented 10 months ago

This is now fixed in the latest version. For future issues please include a minimal reproducible spec as it is not immediately obvious if the changes that are make 100% rectify the exact scenario. For instance in this case, there is at least one scenario that was problematic, and has been fixed, but that doesn't mean there aren't other corner cases that need to be taken care of. Fixed in 2.1.654.

splitbrain commented 10 months ago

Thanks! Will do.