mvermand

Reputation: 6117

OpenAPI 3.0: override global security

In OpenAPI 3, is it possible to define a SecurityScheme at global level but then override it at certain endpoints to not use security (for publicly accessible endpoints)?

For example (taken from https://swagger.io/docs/specification/authentication/bearer-authentication/)

openapi: 3.0.0
...
# 1) Define the security scheme type (HTTP bearer)
components:
  securitySchemes:
    bearerAuth:            # arbitrary name for the security scheme
      type: http
      scheme: bearer
      bearerFormat: JWT    # optional, arbitrary value for documentation purposes
# 2) Apply the security globally to all operations
security:
  - bearerAuth: []         # use the same name as above

And then make a given endpoint publicly accessible (unprotected)

paths:
  /unprotected/path:
    get:
      security: []

Or should this be done in another way?

Update: this question was marked as a duplicate, but the other question is about Swagger 2.x, and since the syntax is different, I think this question and answers should remain.

Upvotes: 7

Views: 5288

Answers (1)

mvermand

Reputation: 6117

You can indeed override security on a path basis in OA3 as follows:

paths:
  /unprotected/path:
    get:
      security: []

Upvotes: 8
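
As an added example (not part of the original question or answer), the Python sketch below resolves the effective security of every operation so that each `security: []` override can be listed and reviewed; a missing `security` key inherits the global requirement, while an empty array removes it. It goes slightly beyond the answer by also flagging an empty requirement object `{}`, which the OpenAPI 3 specification defines as making security optional. The sample document is constructed from the YAML in the question, and the `/orders` and `/status` paths and the function names are assumptions made for illustration.

```python
# Added example: audit which operations opt out of the global security requirement.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample document mirroring the YAML in the question, as a Python dict.
SPEC = {
    "openapi": "3.0.0",
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}}},
    "security": [{"bearerAuth": []}],
    "paths": {
        "/unprotected/path": {"get": {"security": []}},   # override: no auth
        "/orders": {                                      # hypothetical path
            "get": {},                                    # no key: inherits global
            "post": {"security": [{"bearerAuth": []}]},   # explicit, same as global
        },
        # hypothetical path: {} in the list makes authentication optional
        "/status": {"get": {"security": [{}, {"bearerAuth": []}]}},
    },
}

def effective_security(spec):
    """Map (METHOD, path) -> (requirements, source) after applying overrides."""
    global_sec = spec.get("security", [])
    result = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue  # skip path-level keys such as "parameters"
            if "security" in op:  # present, even if empty, replaces the global list
                result[(method.upper(), path)] = (op["security"], "operation")
            else:
                result[(method.upper(), path)] = (global_sec, "global")
    return result

def unauthenticated_operations(spec):
    """Operations callable without credentials: [] or a list containing {}."""
    return sorted(
        key for key, (reqs, _) in effective_security(spec).items()
        if not reqs or any(r == {} for r in reqs)
    )

if __name__ == "__main__":
    for method, path in unauthenticated_operations(SPEC):
        print(f"PUBLIC  {method} {path}")
```

Running a check like this in CI and comparing the output against an approved list of public endpoints catches an operation that was made unauthenticated unintentionally.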
