Comments (5)
gromakovsky
commented on August 24, 2024
1
Oh, I see, thanks.
Would you make a PR to fix this?
Yep, everything is clear now, so I'll probably do it, hopefully within a couple of weeks.
from openapi3.
gromakovsky
commented on August 24, 2024
So I tried putting something into _openApiSecurity and got the following error in Swagger Editor:
Semantic error at security.0
Security requirements must match a security definition
I didn't read OpenAPI specification carefully, but it looks like I must provide security definitions in order to specify security requirements, but apparently I can't do that in openapi3. Am I missing something?
from openapi3.
gromakovsky
commented on August 24, 2024
Update after reading OAS: apparently I should use _componentsSecuritySchemes :: Definitions SecurityScheme field (in the Components type) to provide all security definitions. SecurityDefinitions is just a newtype for Definitions SecurityScheme. So apparently _swaggerSecurityDefinitions :: SecurityDefinitions was changed to _componentsSecuritySchemes :: Definitions SecurityScheme in 821654c which made SecurityDefinitions type useless (? still not sure), but it was forgotten to remove this type.
from openapi3.
maksbotan
commented on August 24, 2024
Hi!
apparently I should use _componentsSecuritySchemes :: Definitions SecurityScheme field (in the Components type) to provide all security definitions
Yes. See an example here: https://github.com/biocad/web-template/blob/master/src/Web/Template/Servant/Auth.hs#L295
So apparently _swaggerSecurityDefinitions :: SecurityDefinitions was changed to _componentsSecuritySchemes :: Definitions SecurityScheme in 821654c which made SecurityDefinitions type useless (? still not sure)
Looks like so. However, there is one difference, namely in Semigroup instance for SecurityDefinitions: it uses unionWith (<>), while Definitions SecuritySchem would use the plain union which discards the second version of the conflicting key.
openapi3/src/Data/OpenApi/Internal.hs
Lines 1100 to 1102 in ea20d09
It would only matter for SecuritySchemeOAuth2 type:
openapi3/src/Data/OpenApi/Internal.hs
Lines 1094 to 1097 in ea20d09
Semigroup for this type merges two objects, in case they have different filled flow types. I think this is actually a correct behavior and dropping the newtype was a mistake.
Would you make a PR to fix this?
BTW, the newtype is still used in tests.
from openapi3.
maksbotan
commented on August 24, 2024
Thanks!
from openapi3.
Related Issues (20)
- `encodePretty` should be exposed from `Data.OpenApi`
- Invalid schema with types with primes (`'`)
- Generic polymorphic schema handle lists differently to aeson HOT 2
- Outdated documentation re sum encoding differs ToSchema/ToJSON? HOT 1
- Wrong format when generating empty scopes map HOT 2
- Exception when parsing newer OpenApi3 schemas HOT 4
- Add `nullable` attribute HOT 4
- _OpenApiItemsArray and _OpenApiItemsObject should be Prisms, not Reviews
- invalid schema HOT 1
- Structural error at components.schemas.AggregateMRQuery.properties.select.items.items should be object HOT 2
- SecurityDefinitions missing "Index" and "IxValue" type family instances
- SecurityDefinitions missing "Ixed" and "At" type-class instances
- Allow GHC-9.6
- Mismatch between ToJSON and ToSchema with nullary single-record constructor
- How to implement allOperations for optics? HOT 2
- Hardcoded references
- add `ToSchema Schema` instance
- validateJSON semantics with `allOf` seem incorrect
- Why are the schemas different for `ToParamSchema UUID` and `ToSchema UUID`
- Prefix stripping when a `$ref` is parsed as a `Referenced` is confusing HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from openapi3.