The REST API I'm using Swagger 2.1.4 on uses OAuth2 for authentication. The API accepts two roles/scopes to access a certain method: either "read" or "admin".
The relevant part of the Swagger:
"security": [ { "oauth2": [ "admin", "read" ] } ]
The Swagger UI "thinks" both roles/scopes are required to execute the method, but this is not the case. The user can be in either role/scope to execute the method; either "admin" or "read" (or both).
After authenticating through the Swagger UI using the "flip switch" and selecting a single role/scope, it shows the yellow exclamation mark, next to the "OFF" image, indicating that not all the proper security requirements have been met since the user is in only 1 role.
This is imho incorrect; the user (in this case) is in the "read" role/scope and can execute the method. When we "ignore" the yellow exclamation mark and hit "Try it out!" after authenticating, the call works, but it would be great if we could get rid of this exclamation mark and show the blue "ON" indicator.
Here's a screenshot of what I see in this situation (purposely hovering over the exclamation mark to show the configured roles):
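An added example, not part of the original report and not Swagger UI's own code: a small evaluator for the Swagger 2.0 `security` array, in which the entries of the array are alternatives (OR) while the scopes listed inside one entry are all required (AND). The function name `isSatisfied` and the shape of the `granted` object are assumptions made for illustration.

```javascript
// Evaluates a Swagger 2.0 `security` array against the scopes a user authorized.
// Array entries are alternatives (OR); every scheme named inside one entry,
// and every scope listed for that scheme, must be satisfied (AND).
function isSatisfied(security, granted) {
  // granted: { schemeName: [authorized scopes] } (hypothetical shape)
  if (!Array.isArray(security) || security.length === 0) return true; // nothing declared
  return security.some((requirement) =>
    Object.entries(requirement).every(([scheme, scopes]) => {
      const held = granted[scheme];
      if (!held) return false; // scheme not authorized at all
      return scopes.every((scope) => held.includes(scope));
    })
  );
}

// As written in the report: one requirement object listing both scopes.
const bothRequired = [{ oauth2: ["admin", "read"] }];

// Either scope is enough: one requirement object per alternative.
const eitherAccepted = [{ oauth2: ["admin"] }, { oauth2: ["read"] }];

// Constructed sample grants: what the user selected in the authorization dialog.
const readOnly = { oauth2: ["read"] };
const adminOnly = { oauth2: ["admin"] };
const both = { oauth2: ["admin", "read"] };

// Builds one line per (declaration, grant) pair, mimicking the ON / warning indicator.
function report() {
  const rows = [];
  const specs = [["bothRequired", bothRequired], ["eitherAccepted", eitherAccepted]];
  const grants = [["read", readOnly], ["admin", adminOnly], ["both", both]];
  for (const [name, spec] of specs) {
    for (const [who, grant] of grants) {
      rows.push(`${name} / ${who}: ${isSatisfied(spec, grant) ? "ON" : "warning"}`);
    }
  }
  return rows;
}

console.log(report().join("\n"));
```

Declaring the requirement in the second form makes the document state what the report says the API enforces, namely that either scope on its own is accepted.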