Can’t get having multiple authorisations to work

mirabilos commented 5 years ago

I’ve defined a Pair of API Keys scenario. First, the global definition: Maven…

<securityDefinitions>
        <securityDefinition>
                <jsonPath>${project.basedir}/src/main/swagger/secdef.jsn</jsonPath>
        </securityDefinition>
</securityDefinitions>

… and JSON:

{
  "token": {
    "description": "Token returned by the /authentication API",
    "in": "header",
    "name": "X-CustomToken",
    "type": "apiKey"
  },
  "username": {
    "description": "LDAP user ID of the employee or machine doing the request",
    "in": "header",
    "name": "X-Username",
    "type": "apiKey"
  }
}

Now I’m trying to annotate the API:

@Api(authorizations = { @Authorization("username"), @Authorization("token") })

However, this produces…

    "security" : [ {
      "username" : [ ]
    }, {
      "token" : [ ]
    } ]

… instead of the desired:

    "security" : [ {
      "username" : [ ],
      "token" : [ ]
    } ]

This is a showstopper bug for us.

mirabilos commented 5 years ago

Hmm, I found out a way to make do without the second (username) custom header.

TamasNeumer commented 5 years ago

Hi! @mirabilos

What was your solution in the end? Did you use token auth only and hence dropped the username? I'm facing the same issue - i need two blocks (api_key and google_id_token) and I can't drop any of these...

mirabilos commented 5 years ago

Hi Tamas,

What was your solution in the end? Did you use token auth only and hence dropped the username?

indeed, we ensured that the later API calls only need the token.

I'm facing the same issue - i need two blocks (api_key and google_id_token) and I can't drop any of these...

Sorry about that, prod the author some more then… good luck!

kongchen / swagger-maven-plugin

Can’t get having multiple authorisations to work #689