adriangb / xpresso

A composable Python ASGI web framework
https://xpresso-api.dev/
MIT License

BREAKING_CHANGE: remove all security stuff #60

Closed adriangb closed 2 years ago

adriangb commented 2 years ago

This is a temporary change to remove our current "security" features.

I feel like this part of Xpresso is mostly a 1:1 port of FastAPI, and it's always been one of my least favorite parts of FastAPI. It is currently pretty awkward to implement actual security (like verifying JWTs and checking scopes, etc.). There is also no way to do boolean logic with security, like (key1 and key2) OR (oauth2), never mind have that be reflected in OpenAPI.

Thus I think these APIs need to be reworked from the ground up, and there is not much value in keeping a half-baked implementation around just so we break people's stuff when we change it.
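The boolean composition mentioned in the description, `(key1 and key2) OR (oauth2)`, maps directly onto OpenAPI's `security` field, where list entries are alternatives and the keys inside one entry must all be satisfied. The sketch below is an added example, not code from Xpresso or FastAPI; `Requirement`, `scheme`, `POLICY` and the `items:read` scope are hypothetical names, and it assumes credentials were already validated before `is_satisfied` is called.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Requirement:
    # Disjunctive normal form: a tuple of alternatives (OR); each alternative
    # maps scheme name -> required scopes, and all of its schemes must pass (AND).
    alternatives: tuple

    def __and__(self, other):
        # (a1 | a2) & (b1 | b2) -> a1&b1 | a1&b2 | a2&b1 | a2&b2
        merged = []
        for left, right in product(self.alternatives, other.alternatives):
            combo = dict(left)
            for name, scopes in right.items():
                combo[name] = combo.get(name, frozenset()) | scopes
            merged.append(combo)
        return Requirement(tuple(merged))

    def __or__(self, other):
        return Requirement(self.alternatives + other.alternatives)

    def to_openapi(self):
        # OpenAPI "security": list of Security Requirement Objects.
        # Entries in the list are ORed; keys within one entry are ANDed.
        return [{n: sorted(s) for n, s in alt.items()} for alt in self.alternatives]

    def is_satisfied(self, verified):
        # `verified` maps scheme name -> scopes granted by a credential that
        # has ALREADY been validated (signature, expiry, key lookup).
        # Fails closed: a missing scheme or missing scope rejects the alternative.
        return any(
            all(n in verified and s <= verified[n] for n, s in alt.items())
            for alt in self.alternatives
        )


def scheme(name, *scopes):
    # Hypothetical helper: a requirement on a single named security scheme.
    return Requirement(({name: frozenset(scopes)},))


# Constructed policy mirroring the expression in the PR description.
POLICY = (scheme("key1") & scheme("key2")) | scheme("oauth2", "items:read")
```

Because the same object drives both enforcement and the generated schema, the documented policy cannot drift from the one that is checked.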