认证和授权

参考下列资料,根据３.0的规则加入securitySchemes不同的验证方式.

  "components": {
    "securitySchemes": {
      "basicAuth": {
        "type": "http",
        "scheme": "basic",
        "scopes": {
          "write:pets": "modify pets in your account",
          "read:pets": "read your pets",
          "readc:pets": "read your pets"
        }
      },
      "apiKeyAuth": {
        "type": "apiKey",
        "in": "header",
        "name": "X-API-KEY",
        "scopes": {
          "write:pets": "modify pets in your account",
          "read:pets": "read your pets",
          "readc:pets": "read your pets"
        }
      },
      "bearerAuth": {
        "type": "http",
        "scheme": "bearer",
        "bearerFormat": "JWT",
        "scopes": {
          "write:pets": "modify pets in your account",
          "read:pets": "read your pets",
          "readc:pets": "read your pets"
        }
      }
    }
    ......
}

对源码进行修改，可以按照全局的sectory或者独立的routing进行验证权限.

"security": [ { "apiKeyAuth": ["write:pets", "read:pets","read your pets"] } ],

会根据设置的策略生成出来验证的文件

具体的文件进行验证即可.

资料

swagger和openAPI: 认证和授权

authentication

Previous定义 openapi.json 文件 Next开发技巧

Last updated 6 years ago

Was this helpful?