We are trying to move our configured parameters to the auth portion (securityDefinitions) of the swagger, but are running into an issue.
In our current parameters, we have 3 headers which we can say are a, x, and y. When authenticating our service, we require either header a or both header x and y.
While we can get the 2 options configured, we are unclear on how to get the y option to be required with the x auth process.

    securityDefinitions:
      DomainSessionAuth:
        type: apiKey
        in: header
        name: a
        description: Single session identity authentication
      JwtAuth:
        type: apiKey
        in: header
        name: x
        description: JWT authentication requiring both X-JWT and Y-JWT headers

In paths objects:

    security:
      - DomainSessionAuth: []
      - JwtAuth: []

Is this even possible with swagger 2.0? If so, any ideas on how we can adjust our code to allow both options in the auth process?
Add separate securityDefinitions for X and Y headers:

    securityDefinitions:
      DomainSessionAuth:
        type: apiKey
        in: header
        name: a
        description: Single session identity authentication
      JwtAuthX:     # <-----
        type: apiKey
        in: header
        name: x     # <-----
        description: JWT authentication requiring both X-JWT and Y-JWT headers
      JwtAuthY:     # <-----
        type: apiKey
        in: header
        name: y     # <-----
        description: JWT authentication requiring both X-JWT and Y-JWT headers

Then define security as follows. Note that there is no - before JwtAuthY, because it's part of the same object as JwtAuthX:

    security:
      - DomainSessionAuth: []
      - JwtAuthX: []
        JwtAuthY: []

This means "requires either DomainSessionAuth or JwtAuthX+JwtAuthY".
More information: Using Multiple Authentication Types
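
The OR/AND semantics described in the answer, as an added example that is not part of the original thread: a small evaluator that checks request headers against the question's `security` list and the answer's. The names `scheme_present` and `matched_requirement` and all header values are assumptions made for illustration.

```python
# Added example, not from the thread. Definitions mirror the YAML above;
# header values are constructed. Only header presence is checked, which is
# all the spec declares; validating the tokens themselves is out of scope.
DEFINITIONS = {
    "DomainSessionAuth": {"type": "apiKey", "in": "header", "name": "a"},
    "JwtAuth": {"type": "apiKey", "in": "header", "name": "x"},   # question
    "JwtAuthX": {"type": "apiKey", "in": "header", "name": "x"},  # answer
    "JwtAuthY": {"type": "apiKey", "in": "header", "name": "y"},  # answer
}

# List items are alternatives (OR); keys inside one item are all required (AND).
QUESTION_SECURITY = [{"DomainSessionAuth": []}, {"JwtAuth": []}]
ANSWER_SECURITY = [{"DomainSessionAuth": []}, {"JwtAuthX": [], "JwtAuthY": []}]


def scheme_present(scheme, headers):
    """True if the header named by an apiKey scheme is present and non-blank."""
    if scheme["type"] != "apiKey" or scheme["in"] != "header":
        raise ValueError("only header apiKey schemes are handled here")
    wanted = scheme["name"].lower()  # HTTP header names are case-insensitive
    return any(k.lower() == wanted and v.strip() for k, v in headers.items())


def matched_requirement(security, headers, definitions=DEFINITIONS):
    """Return the sorted scheme names of the first requirement met, else None."""
    for requirement in security:
        unknown = set(requirement) - set(definitions)
        if unknown:
            raise ValueError(f"undefined security scheme(s): {sorted(unknown)}")
        # An empty requirement object is skipped, not treated as a match.
        if requirement and all(
            scheme_present(definitions[name], headers) for name in requirement
        ):
            return sorted(requirement)
    return None


if __name__ == "__main__":
    for hdrs in ({"a": "s1"}, {"x": "t1"}, {"X": "t1", "Y": "t2"}):
        print(hdrs, matched_requirement(QUESTION_SECURITY, hdrs),
              matched_requirement(ANSWER_SECURITY, hdrs))
```

With only header x supplied, the question's definition is satisfied while the answer's is not, which is the gap the extra JwtAuthY key closes.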