postman-open-technologies / knowledge-base

This is a project dedicated to mining and extracting knowledge from across the API universe.
Apache License 2.0

What is the breakdown of different component security definitions? (ie. keys, oauth, jwt) #15

Open kinlane opened 1 year ago

kinlane commented 1 year ago

Dive deeper into the security object and understand how it is used.

kinlane commented 1 year ago

Notes pulled from Wiki:

type: 39% apiKey, 30% oauth2, 28% http, 2.2% null, 1% openIdConnect

PH→ type is required so null should throw an error

for openApi, 76% in header, query 21%, cookie 3%

For http scheme, ‘Bearer’ is often misspelled ‘bearer’, and ‘Basic’ is ‘basic’.

PH→ For http, ‘scheme’ some of the values found are not registered with IANA, which is fine (spec says “should”), but → this should show a warning in Postman
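An added example, not part of the issue thread or the project's own code: one way to turn the checks noted above (required `type`, http `scheme` values outside the IANA registry, casing differences) into a linter over `components.securitySchemes`. The function names, the sample document and the partial IANA list are assumptions made for illustration.

```python
from collections import Counter

# Valid `type` values for an OpenAPI 3.0 Security Scheme Object.
VALID_TYPES = ("apiKey", "http", "oauth2", "openIdConnect")
API_KEY_LOCATIONS = ("header", "query", "cookie")
# Partial snapshot of the IANA HTTP Authentication Scheme Registry
# (assumption: refresh from IANA before relying on it).
IANA_SCHEMES = ["Basic", "Bearer", "Digest", "HOBA", "Mutual", "Negotiate",
                "OAuth", "SCRAM-SHA-1", "SCRAM-SHA-256", "vapid"]
_BY_LOWER = {s.lower(): s for s in IANA_SCHEMES}

# Constructed sample document, not taken from the data set in the notes.
SAMPLE = {"components": {"securitySchemes": {
    "key": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
    "missing": {"type": None},
    "token": {"type": "http", "scheme": "bearer"},
    "custom": {"type": "http", "scheme": "x-signature"},
    "basic": {"type": "http", "scheme": "Basic"},
}}}

def _schemes(spec):
    return (spec.get("components") or {}).get("securitySchemes") or {}

def lint_security_schemes(spec):
    """Return (severity, scheme_name, message) findings for one document."""
    findings = []
    for name, scheme in _schemes(spec).items():
        stype = scheme.get("type")
        if stype is None:
            findings.append(("error", name, "type is required but missing or null"))
        elif stype not in VALID_TYPES:
            findings.append(("error", name, f"unknown type {stype!r}"))
        elif stype == "apiKey" and scheme.get("in") not in API_KEY_LOCATIONS:
            findings.append(("error", name, "'in' must be header, query or cookie"))
        elif stype == "http":
            value = scheme.get("scheme")
            # HTTP auth scheme names are case-insensitive (RFC 7235), so the
            # registry lookup ignores case and casing is reported as info only.
            known = _BY_LOWER.get(value.lower()) if isinstance(value, str) else None
            if not value:
                findings.append(("error", name, "http scheme is required"))
            elif known is None:
                findings.append(("warning", name, f"{value!r} is not IANA-registered"))
            elif known != value:
                findings.append(("info", name, f"registry spells {value!r} as {known!r}"))
    return findings

def type_breakdown(specs):
    """Count security scheme types across documents (None = missing type)."""
    return Counter(s.get("type") for spec in specs for s in _schemes(spec).values())
```

`lint_security_schemes(SAMPLE)` yields one error, one info and one warning; `type_breakdown` over a list of documents gives the kind of per-type tally quoted in the notes.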

kinlane commented 1 year ago

This has been answered, but there are some open questions. https://github.com/postman-open-technologies/knowledge-base/blob/main/R/oas_summary.md#how-are-the-security-related-properties-used-in-apis