Digging through your help docs I see the issue of not supporting security schemas in OpenAPI has been open for over a year. I had to tell one of my larger clients to move to Stoplight today, which was awkward because I had put them on APIdog… Is there any movement for a fix for this?
The latest version of Apidog now supports SecuritySchema. Please upgrade to the newest version. You can find documentation about SecuritySchema here: Security Scheme in Apidog - Apidog Docs
APIDog has Security in the UI but it does not import or export with OpenAPI docs. I need the OpenAPI doc to be the source of truth in our deployment model and all security is set to even though there is a clear securityschema in the source doc, and even though the Import brought the schemas in
Thank you for your feedback. We’re working on a fix for this issue and expect to have it resolved by next week.
Just installed the new version… still the same issue.
Yes, importing auth components with associations is not yet supported. We will notify you once it’s available.
Has there been any news on this? Just installed the latest version and I observe the same behaviour as shown here
@bissellator @taihao Please upgrade to the latest version (2.7.23 or above) as it now supports SecuritySchema. Make sure to check the corresponding option during import.
Hi,
I’m on Apidog Europe 2.7.27, freshly installed just today.
I checked the boxes during import and they show up in the Apidog UI fine. But exporting OpenAPI spec (JSON or yaml) omits them entirely.
Every endpoint is exported with security: []
and at the bottom it says
"securitySchemes": {}
Expected behaviour is
paths:
  /someendpoint:
    get:
      ...
      security:
        - jwtBearerAuth: [ ]
components:
  securitySchemes:
    jwtBearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
Hi, that’s exactly the menu I’m using for export. It’s not quite fully working still:
- The auth method I specify at the module level is exported at the root level of the yaml (as expected)
- I configure “No auth” for individual folders/endpoints (like /auth/login for example). This puts security: [] for individual endpoints (as expected)
- However, other endpoints are set to Inherit, they’re supposed to inherit the JWT auth. This is not reflected in the exported yaml. Instead every single endpoint has security: [], effectively overriding the root level security: [jwtBearerAuth]. (this is not as expected)
After testing around a bit more, I can conclude
- root level security: always equals the module-level auth
- endpoints always have security: [], irrespective of root level auth or any folder inheritance rules
- the only way to get endpoint level security: [jwtBearerAuth] exported correctly, is to manually click through every endpoint and explicitly choose “security scheme” instead of “Inherit”
Thank you for your feedback. We’re looking into this issue.
Hello, we’ve just rolled out related optimizations. Please refresh and try exporting again to see the results.
Hi, I’m afraid the update hasn’t resolved this bug. I’m using Apidog Europe 2.7.28 now, and I’ve created a MWE to help clear things up: Apidog Europe (link valid for 7 days, I chose to share link instead of github or anything, to avoid further sources of error)
Using the UI, I configured the following
root: Explicit auth
|- folder 'secret': Inherit
   |- /secret: Inherit
   |- /secret2: Explicit auth
|- folder 'public': Explicit NO auth
   |- /public: Inherit
   |- /public2: Explicit NO auth
For reference, I’m choosing openAPI 3.1.0 and yaml export.
Unfortunately, the exported yaml does not match (/secret did not inherit):
openapi: 3.1.0
info:
  title: security-export-demo
  description: ''
  version: 1.0.0
tags:
  - name: secret
  - name: public
paths:
  /secret:
    get:
      summary: Requires auth (should inherit)
      deprecated: false
      description: ''
      tags:
        - secret
      parameters: []
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                type: object
                properties: {}
          headers: {}
      security: []
  /secret2:
    get:
      summary: Requires auth (explicit)
      deprecated: false
      description: ''
      tags:
        - secret
      parameters: []
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                type: object
                properties: {}
          headers: {}
      security:
        - my-security-scheme: []
  /public:
    get:
      summary: No auth (should inherit)
      deprecated: false
      description: ''
      tags:
        - public
      parameters: []
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                type: object
                properties: {}
          headers: {}
      security: []
  /public2:
    get:
      summary: No auth (explicit)
      deprecated: false
      description: ''
      tags:
        - public
      parameters: []
      responses:
        '200':
          description: ''
          content:
            application/json:
              schema:
                type: object
                properties: {}
          headers: {}
      security: []
webhooks: {}
components:
  schemas: {}
  securitySchemes:
    my-security-scheme:
      bearerFormat: JWT
      type: http
      scheme: bearer
servers: []
security:
  - my-security-scheme: []
For what it’s worth, I also noticed a bug with the ‘Open URL’ button in the export menu. There, the result is different: securitySchemes and every endpoint’s security is empty entirely.
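Added example, not part of any post in this thread and not Apidog code: a small check that can run in a deployment pipeline to catch an export like the one above, where an operation-level `security: []` silently replaces the root-level requirement. The function names, the `intended_public` allowlist and the embedded JSON (a constructed, trimmed JSON form of the YAML export in the post above) are assumptions for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample: JSON form of the export above, trimmed to security-relevant keys.
EXPORTED = json.loads("""
{
  "paths": {
    "/secret":  {"get": {"security": []}},
    "/secret2": {"get": {"security": [{"my-security-scheme": []}]}},
    "/public":  {"get": {"security": []}},
    "/public2": {"get": {"security": []}}
  },
  "components": {"securitySchemes": {"my-security-scheme":
      {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}}},
  "security": [{"my-security-scheme": []}]
}
""")

def effective_security(spec):
    """Map (METHOD, path) -> the security requirements that actually apply."""
    root = spec.get("security", [])
    result = {}
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS or not isinstance(op, dict):
                continue
            # An operation-level 'security' key, even an empty list, replaces the root value.
            result[(method.upper(), path)] = op["security"] if "security" in op else root
    return result

def audit(spec, intended_public):
    """Return findings: unexpected unauthenticated operations and undefined schemes."""
    defined = set(spec.get("components", {}).get("securitySchemes", {}))
    findings = []
    for (method, path), reqs in sorted(effective_security(spec).items()):
        # An empty list, or an empty requirement object {}, allows anonymous access.
        anonymous = not reqs or any(not r for r in reqs)
        if anonymous and path not in intended_public:
            findings.append((method, path, "no authentication required"))
        for req in reqs:
            for name in req:
                if name not in defined:
                    findings.append((method, path, f"undefined scheme {name}"))
    return findings

if __name__ == "__main__":
    for finding in audit(EXPORTED, intended_public={"/public", "/public2"}):
        print(*finding)
```

Failing the build when `audit` returns any finding keeps an export regression of this kind from reaching a gateway or generated client that treats the OpenAPI document as the source of truth.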
I’ve joined this demo project. Could you please grant me project admin permissions as I currently don’t have export rights? I can’t reproduce the issue with my own data.
Done! Thanks for looking into it, kindly let me know if I can help in any way
Understood, we’ll investigate this issue.
Hello, please refresh and try exporting again. We’ve released related optimizations.
Works perfectly now. Thank you for the quick fix