search

SMILEY4 / ktor-swagger-ui

Kotlin Ktor plugin to generate OpenAPI and provide Swagger UI
Apache License 2.0
156 stars 25 forks source link

Allow multiple security schemes for a route #31

Closed aleksa-djurdjulov closed 1 year ago

aleksa-djurdjulov commented 1 year ago

OAS3 allows combining security requirements with logical operators (OR and AND). More details can be found in the documentation under Using Multiple Authentication Types, but the basic logic for documenting security of a route is as follow:

security:    # A OR B
  - A
  - B
security:    # A AND B
  - A
    B
security:    # (A AND B) OR (C AND D)
  - A
    B
  - C
    D

From my observation of this library, this should be doable by changing the OpenApiRoute.securitySchemeName (link) from a String? to something like a Collection<Collection<String>> (or just Collection<String> for start, to support the OR logical operator) and supporting the following change here.

SMILEY4 commented 1 year ago

Hi, thanks for the suggestion. I added the possibility to specify a collection of strings / security scheme names in version 1.3.0. Currently, all specified names are handled via an "or"-operator, since imho this is the most common case.