Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is there a way to disable security for specific endpoints? #944

Closed
pheanex opened this issue May 14, 2019 · 2 comments
Closed

Is there a way to disable security for specific endpoints? #944

pheanex opened this issue May 14, 2019 · 2 comments

Comments

@pheanex
Copy link

pheanex commented May 14, 2019

Description

We want to be able to custom configure security on different paths. (I.e. enable/disable security entirely). As far as I understand from these discussions, this should be possible by providing an empty security-object on a operation object:

=> It seems that overriding security on operation level does not work as intended, or am I doing something wrong here?

Expected behaviour

When I specify an empty security object on an operation object, I would expect that the application does not require authentication of any kind on this path, as the global security object is overridden.

Actual behaviour

Calling the path still requires authentication and fails.

Steps to reproduce

Specify a global security setting and override it on a operation object and call the application on that endpoint.

Additional info:

Python 3.7.3
Version: 2.2.0
@sochi
Copy link
Contributor

sochi commented May 28, 2019
edited
Loading

As long as I understand the issue correctly, we are using this functionality already.. which makes me think that your API definition might be incorrect.
Perhaps you could provide content of (or a snippet of) openapi.yaml/swagger.yaml file?

Using the straightforward approach works fine, based on my observations:

  /custom_operation_endpoint/:
    get:
      tags: [CustomTag]
      security: []  # doing this disables the default security for this particular operation
      summary: Write your summary here..
      responses:
        200:
          description: Returns the result..
          schema:
            type: object
            properties:
              ...

(for reference, the usage of security is documented in https://swagger.io/specification/#oasObject)

@pheanex
Copy link
Author

pheanex commented Jun 3, 2019

Seems like you were right. I was able to disable security on a specific endpoint now.
Can't tell what the issue was though.
=> Thank you

@pheanex pheanex closed this as completed Jun 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sochi @pheanex