It’s tricky.
>From the spec - >https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#securityRequirementObject: “Each name must correspond to a security scheme which is declared in the Security Definitions. If the security scheme is of type "oauth2", then the value is a list of scope names required for the execution. For other security scheme types, the array MUST be empty.” Meaning, the scopes are not optional… From: <[email protected]> on behalf of Ron Dagostino <[email protected]> Reply-To: "[email protected]" <[email protected]> Date: Thursday, 22 December 2016 at 13:02 To: Swagger <[email protected]> Subject: Swagger-UI Authorize Button requires at least 1 scope? Hi folks. Swagger-UI provides an "Authorize" button at the top of the page, and the resulting dialog requires at least 1 scope be enabled before the UI will attempt to get a token (at least with the application/client_credentials flow and the recently-merged password flow; I haven't tried other flows). Yet if there are endpoints that require authentication but no particular scope (i.e. they are open to any authenticated client regardless of the token scope) then it becomes necessary to authorize via the little icon that appears next to actual endpoint further down in the UI -- the "Authorize" button won't let me get empty tokens. It seems reasonable to me that I might want to request an empty token via the "Authorize" button at the top of the UI. Does this seem reasonable to others, and this should be created as an issue, or am I missing something? Ron -- You received this message because you are subscribed to the Google Groups "Swagger" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "Swagger" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
