Closed jcabarlo closed 8 years ago
Auth handlers are called via async.some
so they are not called in series, but rather pass when at least one passes.
Are there plans to support the logical AND/OR behavior? https://swagger.io/docs/specification/2-0/authentication/
I have 2 security definitions:
I have a path that I'd like to use both security middleware pieces for:
Using the above, I thought it would run both middleware functions in the order of "api_key1" and then "api_key2". Using some console logging, I am seeing that function api_key1 gets called, but, before it finishes, api_key2 is called. In my tests, api_key1 is invalid and api_key2 is valid, but, since api_key2 gets finished before api_key1, the application is returning a 200 rather than the expected 500.
To see if I'm running into callback issues, I removed the use of security in the swagger and put them as middleware in the express app and it works as expected (returning a 500 instead of a 200).
Am I doing something wrong on my swagger security or does it not function this way?