@readme/oas-examples/3.0/json/security-multiple.json

A collection of example OpenAPI 3.x and Swagger 2.0 documents.

{
  "openapi": "3.0.3",
  "info": {
    "version": "1.0.0",
    "title": "Support for cases where multiple alternate security types (AND, OR, AND OR) are listed",
    "description": "https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#securitySchemeObject"
  },
  "servers": [
    {
      "url": "https://httpbin.org"
    }
  ],
  "paths": {
    "/anything/and": {
      "post": {
        "summary": "Multiple forms of auth are required (&&)",
        "responses": {
          "401": {
            "description": "Unauthorized"
          }
        },
        "security": [
          {
            "apiKey_header": [],
            "basic": [],
            "oauth2": ["write:things"]
          }
        ]
      }
    },
    "/anything/or": {
      "post": {
        "summary": "Two forms of auth can be used, only one is required (||)",
        "responses": {
          "401": {
            "description": "Unauthorized"
          }
        },
        "security": [
          {
            "oauth2": ["write:things"]
          },
          {
            "apiKey_header": []
          }
        ]
      }
    },
    "/anything/and-or": {
      "post": {
        "summary": "Two security flows are present, one of which has multiple forms of required auth (&& ||)",
        "responses": {
          "401": {
            "description": "Unauthorized"
          }
        },
        "security": [
          {
            "oauth2": ["write:things"],
            "apiKey_header": []
          },
          {
            "oauth2_alternate": ["write:things"]
          }
        ]
      }
    },
    "/anything/many-and-or": {
      "post": {
        "summary": "Many security flows are present, each with multiple forms of required auth (&& ||)",
        "responses": {
          "401": {
            "description": "Unauthorized"
          }
        },
        "security": [
          {
            "oauth2": [],
            "basic": []
          },
          {
            "bearer": [],
            "bearer_jwt": []
          },
          {
            "bearer_jwt": []
          },
          {
            "basic": []
          },
          {
            "basic": [],
            "bearer": []
          },
          {
            "apiKey_cookie": [],
            "apiKey_header": [],
            "apiKey_query": []
          }
        ]
      }
    }
  },
  "components": {
    "securitySchemes": {
      "apiKey_cookie": {
        "type": "apiKey",
        "in": "cookie",
        "name": "api_key",
        "description": "An API key that will be supplied in a named cookie. https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-scheme-object"
      },
      "apiKey_header": {
        "type": "apiKey",
        "in": "header",
        "name": "X-API-KEY",
        "description": "An API key that will be supplied in a named header. https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-scheme-objec"
      },
      "apiKey_query": {
        "type": "apiKey",
        "in": "query",
        "name": "apiKey",
        "description": "An API key that will be supplied in a named query parameter. https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-scheme-objec"
      },
      "basic": {
        "type": "http",
        "scheme": "basic",
        "description": "Basic auth that takes a base64'd combination of `user:password`. https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#basic-authentication-sample"
      },
      "bearer": {
        "type": "http",
        "scheme": "bearer",
        "description": "A bearer token that will be supplied within an `Authentication` header as `bearer <token>`. https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#basic-authentication-sample"
      },
      "bearer_jwt": {
        "type": "http",
        "scheme": "bearer",
        "bearerFormat": "JWT",
        "description": "A special kind of bearer token that will be supplied within an `Authentication` header as `<bearerFormat> <token>` (and in this case `jwt <token>`). https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#jwt-bearer-sample"
      },
      "oauth2": {
        "type": "oauth2",
        "description": "An OAuth 2 security flow. https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#fixed-fields-23",
        "flows": {
          "authorizationCode": {
            "authorizationUrl": "http://example.com/oauth/dialog",
            "tokenUrl": "http://example.com/oauth/token",
            "scopes": {
              "write:things": "Add things to your account"
            }
          },
          "clientCredentials": {
            "tokenUrl": "http://example.com/oauth/token",
            "scopes": {
              "write:things": "Add things to your account"
            }
          },
          "implicit": {
            "authorizationUrl": "http://example.com/oauth/dialog",
            "scopes": {
              "write:things": "Add things to your account"
            }
          },
          "password": {
            "tokenUrl": "http://example.com/oauth/token",
            "scopes": {
              "write:things": "Add things to your account"
            }
          }
        }
      },
      "oauth2_alternate": {
        "type": "oauth2",
        "description": "An alternate OAuth 2 security flow. Functions identially to the other `oauth2` scheme, just with alternate URLs to authenticate against. https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#fixed-fields-23",
        "flows": {
          "implicit": {
            "authorizationUrl": "http://alt.example.com/oauth/dialog",
            "scopes": {
              "write:things": "Add things to your account"
            }
          }
        }
      }
    }
  }
}