search

openapi-ts / openapi-typescript

Generate TypeScript types from OpenAPI 3 specs
https://openapi-ts.dev
MIT License
5.63k stars 455 forks source link

Multiple security schemes not supported #1647

Open nzapponi opened 5 months ago

nzapponi commented 5 months ago

Description

When defining multiple security schemes, the package fails to parse the spec, as it expects all security schemes to be defined in the security section.

According to the OpenAPI 3.0 spec, however, this is not required: https://swagger.io/docs/specification/authentication/ .

Conversion of type '{ openapi: string; info: { title: string; version: string; }; servers: { url: string; }[]; security: ({ sessionCookie: never[]; sessionToken?: undefined; } | { sessionToken: never[]; sessionC@dctr/api-spec:watch: ]; components: { ...; }; paths: { ...; }; }' to type 'Document' may be a mistake because neither type sufficiently overlaps with the other. If this was intentional, convert the expression to 'unknown' first.
Types of property 'security' are incompatible.
Type '({ sessionCookie: never[]; sessionToken?: undefined; } | { sessionToken: never[]; sessionCookie?: undefined; })[]' is not comparable to type 'SecurityRequirementObject[]'.
Type '{ sessionCookie: never[]; sessionToken?: undefined; } | { sessionToken: never[]; sessionCookie?: undefined; }' is not comparable to type 'SecurityRequirementObject'.
Type '{ sessionToken: never[]; sessionCookie?: undefined; }' is not comparable to type 'SecurityRequirementObject'.
Property '"sessionCookie"' is incompatible with index signature.
Type 'undefined' is not comparable to type 'string[]'.
31       apiSpec: spec as OpenAPIV3.Document,
Name Version
openapi-typescript 6.7.4

Reproduction

Define this securitySchemes components:

"securitySchemes": {
      "sessionToken": {
        "type": "http",
        "scheme": "bearer"
      },
      "sessionCookie": {
        "type": "apiKey",
        "in": "cookie",
        "name": "my_session"
      }
    }

And set:

"security": [
    {
      "sessionCookie": []
    },
    {
      "sessionToken": []
    }
  ]

The intended behavior is that clients can use either security scheme.

Expected result

For the spec to successfully be typed.

Checklist

github-actions[bot] commented 1 week ago

This issue is stale because it has been open for 90 days with no activity. If there is no activity in the next 7 days, the issue will be closed.