Defining use of OAuth 2.0 in OpenAPI Specification
To use OAuth 2.0 for authentication, describe it in the API's OpenAPI Specification. This is done with the Security Scheme Object (securitySchemes).
Example:
```yaml
components:
  securitySchemes:
    ArbitaryName:
      type: oauth2
      description: Optional description
      flows:
        implicit:  # OAuth 2.0 flow type
          authorizationUrl: https://api.example.com/oauth2/authorize
          scopes:
            read_something: read data
            write_something: modify data
```
For details of OAuth 2.0 configuration options and further examples, see the OAuth 2.0 documentation.
Defining which API operations the configured OAuth 2.0 security scheme applies to
In addition to defining the Security Scheme Object for OAuth 2.0, you also need to specify which API operations the security scheme applies to.
In this example, the Security Requirement Object (security) is added after the Components object, and it applies the OAuth 2.0 security scheme to all API operations defined in this OpenAPI Specification.
The added Security Requirement Object (security) is at the end of the example:
```yaml
components:
  securitySchemes:
    ArbitaryName:
      type: oauth2
      description: Optional description
      flows:
        implicit:  # OAuth 2.0 flow type
          authorizationUrl: https://api.example.com/oauth2/authorize
          scopes:
            read_something: read data
            write_something: modify data
# Root-level requirement: applies to every operation that does not override it
security:
  - ArbitaryName:
      - read_something
      - write_something
```
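A root-level security requirement can be replaced per operation, so it is worth checking what each operation actually ends up with. The following Python check is an added example, not part of the original documentation: it walks an OpenAPI 3 document (already parsed into a dict) and reports operations whose requirement is missing, names an undefined scheme, or asks for a scope the scheme does not declare. The paths `/items`, `/health` and `/admin`, the scope `delete_something` and the scheme `OtherName` are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def lint_security(spec):
    """Return {(METHOD, path): [problems]} for operations with security issues."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    root_security = spec.get("security")  # applies to all operations unless overridden
    findings = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # An operation-level `security` replaces the root-level one entirely.
            requirements = op.get("security", root_security)
            problems = []
            if not requirements:
                problems.append("no security requirement (anonymous access)")
            for requirement in requirements or []:
                for name, scopes in requirement.items():
                    scheme = schemes.get(name)
                    if scheme is None:
                        problems.append(f"undefined scheme {name!r}")
                        continue
                    if scheme.get("type") != "oauth2":
                        continue
                    # Scopes must be declared in one of the scheme's flows.
                    declared = {s for flow in scheme.get("flows", {}).values()
                                for s in flow.get("scopes", {})}
                    problems += [f"undeclared scope {scope!r} for {name!r}"
                                 for scope in scopes if scope not in declared]
            if problems:
                findings[(method.upper(), path)] = problems
    return findings

# Constructed sample: the scheme from this page plus hypothetical paths.
SAMPLE = {
    "components": {"securitySchemes": {"ArbitaryName": {
        "type": "oauth2",
        "flows": {"implicit": {
            "authorizationUrl": "https://api.example.com/oauth2/authorize",
            "scopes": {"read_something": "read data",
                       "write_something": "modify data"}}}}}},
    "security": [{"ArbitaryName": ["read_something", "write_something"]}],
    "paths": {
        "/items": {"get": {},  # inherits the root-level requirement
                   "post": {"security": [{"ArbitaryName": ["delete_something"]}]}},
        "/health": {"get": {"security": []}},  # override removes authentication
        "/admin": {"get": {"security": [{"OtherName": []}]}},  # scheme not defined
    },
}
```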