[OAS 3.1.0] All security schemes may now define required roles #590

Azquelt · 2024-01-19T17:56:13Z

Previously, in a Security Requirement Object, roles were only valid for oauth2 and openIdConnect (where they correspond to required scopes required for execution) but now roles can be specified for all security schemes.

We should:

Update our documentation to reflect the removal of this limitation:
- SecurityRequirement annotation Javadoc
- SecurityRequirement model interface Javadoc
Add a test which builds a model with roles where they were not previously allowed
Add a test which uses annotations to declare a security requirement with roles for a previously unsupported type

The text was updated successfully, but these errors were encountered:

benjamin-confino · 2024-05-14T10:02:52Z

Please assign this one to me.

Azquelt added the OAS 3.1.0 All issues related to OpenAPI version 3.1.0 support label Jan 19, 2024

Azquelt added this to the MP OpenAPI 4.0 milestone Jan 19, 2024

Azquelt mentioned this issue Jan 19, 2024

Evaluate OpenAPI 3.1 for changes (to update this spec) #333

Closed

Azquelt assigned benjamin-confino May 14, 2024

benjamin-confino mentioned this issue May 14, 2024

590 roles in security schemes #615

Merged

Azquelt closed this as completed in #615 May 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[OAS 3.1.0] All security schemes may now define required roles #590

[OAS 3.1.0] All security schemes may now define required roles #590

Azquelt commented Jan 19, 2024 •

edited

Loading

benjamin-confino commented May 14, 2024

[OAS 3.1.0] All security schemes may now define required roles #590

[OAS 3.1.0] All security schemes may now define required roles #590

Comments

Azquelt commented Jan 19, 2024 • edited Loading

benjamin-confino commented May 14, 2024

Azquelt commented Jan 19, 2024 •

edited

Loading