Need clarification on how to handle multiple OAuth scopes in an endpoint #1106

@dclucas

The specs make it very clear that in case multiple security schemes are present in the spec, that should be read as a logical AND.

On the other hand, when describing the list of scopes within a scheme (see paste below), the text seems to imply a logical AND operation as well, without making it 100% explicit.

> If the security scheme is of type "oauth2", then the value is a list of scope names required for the execution. For other security scheme types, the array MUST be empty.

So can we make it clear in the text whether those entries should be an "OR", "AND" or whether the specs imply no relationship whatsoever?
