OAI / OpenAPI-Specification

The OpenAPI Specification Repository
https://openapis.org
Apache License 2.0

OIDC auth and token endpoints to support environments like servers section does #3101

Open mcrobbj opened 1 year ago

mcrobbj commented 1 year ago

The servers section allows for multiple URLs; however, OIDC only allows a single OIDC server.

handrews commented 5 months ago

@mcrobbj – It's not entirely clear what you want to have happen here, could you please elaborate? (most of the maintainers are not security experts, so you'll need to explain your use case and any relevant standards of which we should be aware)

mcrobbj commented 5 months ago

The security section assumes I have one IAM. I want to be able to have one per environment.

servers:

So something like this

```yaml
securitySchemes:
  mutualTLS:
    description: Mutual TLS
    type: mutualTLS
    scheme: mutual
  oauthAuthCode:
    description: Auth Code
    type: oauth2
    flows:
      authorizationCode:
        authorizationUrl: 'https://{environment}.secure.server.test/authorization'
        tokenUrl: 'https://{environment}.secure.server.test/token'
        variables:
          environment:
            default: api.sit # SIT server
            enum:
```

On Fri, 24 May 2024 at 19:25, Henry Andrews @.***> wrote:

@mcrobbj https://github.com/mcrobbj – It's not entirely clear what you want to have happen here, could you please elaborate? (most of the maintainers are not security experts, so you'll need to explain your use case and any relevant standards of which we should be aware)

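How a client or tooling layer could resolve the templated endpoints proposed above, applying the default/enum semantics that the Servers Object uses for server variables. This is an added example, not code from the issue or from the OpenAPI project; `variables` on an OAuth flow is the proposal's field rather than part of the current specification, and the enum values, the function names and the hostname-character rule for variables without an enum are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

_PLACEHOLDER = re.compile(r"\{([^{}]+)\}")
_HOST_CHARS = re.compile(r"[A-Za-z0-9.-]+")  # assumption: fallback rule when no enum is declared


class TemplateError(ValueError):
    """Raised when an endpoint template cannot be resolved safely."""


def resolve_url(template, variables, chosen=None):
    """Expand {name} placeholders using server-variable style default/enum rules."""
    chosen = chosen or {}
    unknown = set(chosen) - set(variables)
    if unknown:
        raise TemplateError(f"undeclared variable(s): {sorted(unknown)}")

    def substitute(match):
        name = match.group(1)
        if name not in variables:
            raise TemplateError(f"placeholder {{{name}}} has no variable definition")
        spec = variables[name]
        value = chosen.get(name, spec["default"])
        allowed = spec.get("enum")
        # An enum pins the identity provider host to a reviewed list; without one,
        # refuse anything that could alter the URL structure (path, query, userinfo).
        if allowed is not None and value not in allowed:
            raise TemplateError(f"{value!r} is not an allowed value for {name}")
        if allowed is None and not _HOST_CHARS.fullmatch(value):
            raise TemplateError(f"{value!r} contains characters outside a hostname")
        return value

    url = _PLACEHOLDER.sub(substitute, template)
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise TemplateError(f"resolved endpoint is not an https URL: {url!r}")
    return url


def resolve_flow(flow, chosen=None):
    """Return the concrete authorization and token endpoints for one OAuth flow."""
    variables = flow.get("variables", {})
    return {key: resolve_url(flow[key], variables, chosen)
            for key in ("authorizationUrl", "tokenUrl") if key in flow}


# Constructed sample: URLs and default from the snippet above, enum values invented here.
FLOW = {"authorizationUrl": "https://{environment}.secure.server.test/authorization",
        "tokenUrl": "https://{environment}.secure.server.test/token",
        "variables": {"environment": {"default": "api.sit", "enum": ["api.sit", "api.uat"]}}}
```

Resolving before the client starts the authorization code flow means a mistyped or tampered environment value fails closed instead of sending credentials to an unlisted host.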