If there are more than one required security schemes, defined for an operation, the security auth handler should have been validating all the security requirements. But the current code passes the check if at least one security check succeeds.
The code here returns passed = true, if at least one of the requirement passes.
Lists the required security schemes to execute this operation. The object can have multiple security schemes declared in it which are all required (that is, there is a logical AND between the schemes).
The code here returns
passed = true
, if at least one of the requirement passes.This should be a logical AND instead of OR, as per the swagger spec 2.0. https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object