Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

Support for scopes in scheme bearer

See original GitHub issue

Hi, a JWT-based access token (bearer) can contain scopes like read_pets, write_pets, etc. that could be used to authorize an API request from an app. Why doesn't the OpenAPI spec talk about scopes for scheme: bearer? Shouldn't this be described in the spec, as it is a widely used pattern for API authN & authZ?

e.g.

security:
  - bearerAuth: [read:pets, write:pets]

/Vineeth

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

2 reactions
MikeRalphson commented, Feb 20, 2021

Unfortunately we can’t add examples of every combination of OAS feature. I’ll add one here when I get back to my desk.

1 reaction
unikitty37 commented, Apr 2, 2021

Thanks — I think I’ve been a little confused by what I thought this was going to be.

Basically, a logged-in user has a role of contributor, editor, or admin. A logged-out user is treated as having the role of anonymous.

I was hoping this would allow me to say that an API call is only available with a role of editor or admin, but it seems that the Security Requirement Object still uses AND rather than OR. I appreciate the issue tracker probably isn’t the best place for asking this, but is this possible with 3.1? If not, would it be worth making a feature request?

Read more comments on GitHub >
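The two questions in the thread (scopes on a `bearer` scheme, and "editor OR admin" versus AND) both come down to how a Security Requirement list is evaluated, and the spec only documents the requirement; the API itself has to enforce it. The rules in OpenAPI 3.x are: the objects in a `security` list are alternatives, so any one satisfied object authorizes the request; inside one object every named scheme must be presented and every listed scope is required. In OAS 3.0.x the scope list for a non-OAuth2 scheme such as `http`/`bearer` must be empty; OAS 3.1.0 allows it to carry role names that are enforced out of band. The following is an added example, not code from the OpenAPI project or from any participant in the thread: it holds a constructed 3.1 document fragment in dict form (the same shape as the YAML above), mints and verifies HS256 JWTs under a constructed demo key, and applies the OR/AND semantics to the verified token's `scope` claim. The scheme name `bearerAuth`, the paths, the roles and the key are all assumptions made for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed OpenAPI 3.1 fragment (the dict form of the YAML you would write).
# OAS 3.0.x requires an empty scope list for non-OAuth2 schemes; 3.1.0 allows
# role names here, which the API must then enforce itself, as below.
OPENAPI_DOC = {
    "openapi": "3.1.0",
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}}},
    "paths": {
        # "editor OR admin": two requirement objects naming the same scheme.
        "/articles": {"post": {"security": [{"bearerAuth": ["editor"]},
                                            {"bearerAuth": ["admin"]}]}},
        # "read:pets AND write:pets": one object listing both roles.
        "/pets": {"put": {"security": [{"bearerAuth": ["read:pets", "write:pets"]}]}},
        # An empty list removes any top-level requirement: open endpoint.
        "/health": {"get": {"security": []}},
    },
}
DEMO_KEY = b"constructed-demo-hmac-key"  # constructed for this example only


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_hs256(claims: dict, key: bytes) -> str:
    """Issue a compact HS256 JWT; 'scope' is a space-delimited string (RFC 8693 style)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"


def verify_hs256(token: str, key: bytes) -> dict:
    """Return the claims only after the signature checks out; ValueError otherwise."""
    try:
        head, body, sig = token.split(".")
    except ValueError:
        raise ValueError("malformed token") from None
    header = json.loads(_unb64url(head))
    # Pin the algorithm server-side; never trust the token's own 'alg' choice.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    return json.loads(_unb64url(body))


def token_scopes(claims: dict) -> set:
    """Scopes from a verified token: a space-delimited 'scope' string or a list."""
    scope = claims.get("scope", "")
    return set(scope.split()) if isinstance(scope, str) else set(scope)


def is_authorized(security: list, granted: dict) -> bool:
    """OpenAPI Security Requirement semantics.

    `security` is the operation's list of requirement objects; `granted` maps
    scheme name -> set of scopes/roles the caller proved for that scheme.
    Any object satisfied -> authorized (OR). An object is satisfied when every
    scheme it names was presented and every listed scope is granted (AND).
    `[]` means no requirement; `{}` is the spec's "optional security" marker.
    """
    if not security:
        return True
    return any(
        all(scheme in granted and set(scopes) <= granted[scheme]
            for scheme, scopes in requirement.items())
        for requirement in security
    )


def authorize(doc: dict, path: str, method: str, token: str, key: bytes) -> bool:
    """Authenticate the bearer token, then apply the operation's security list."""
    security = doc["paths"][path][method].get("security", doc.get("security", []))
    if not security:
        return True  # open operation: no token needed at all
    try:
        claims = verify_hs256(token, key)
    except ValueError:
        return False  # malformed, wrong alg, or bad signature: never look at claims
    return is_authorized(security, {"bearerAuth": token_scopes(claims)})


if __name__ == "__main__":
    editor = mint_hs256({"sub": "alice", "scope": "editor"}, DEMO_KEY)
    print(authorize(OPENAPI_DOC, "/articles", "post", editor, DEMO_KEY))  # True
    print(authorize(OPENAPI_DOC, "/pets", "put", editor, DEMO_KEY))      # False
```

The "editor or admin" case is expressed by listing two requirement objects that name the same scheme; putting both roles in one object would demand both. Note that `authorize` refuses to read the `scope` claim until the signature has been verified with a server-pinned algorithm, so a token that merely claims `admin` in an unsigned or re-signed payload is rejected before authorization runs.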

Top Results From Across the Web

  • Bearer Authentication - Swagger: Bearer authentication (also called token authentication) is an HTTP authentication scheme that involves security tokens called bearer tokens.
  • Verify scopes and app roles protected web API - Microsoft Entra: Verify scopes in APIs called on behalf of users. If a client app calls your API on behalf of a user, the API...
  • OAuth2 scopes - FastAPI: These scopes represent "permissions". In OpenAPI (e.g. the API docs), you can define "security schemes". When one of these security schemes uses OAuth2,...
  • How to manage OAuth 2.0 scopes - Connect2id: Give a name space for the scopes for each protected resource -- To make sure the scope values for two different resources don't...
  • JWT Bearer Authentication and Authorization for ASP.NET ...: ... JWT Bearer authentication and authorization (based on scopes) for ... The helper can now be used to register an authentication service ...
