Re: Defining role/permission security

Does this apply though if you're using other types of authentication? We're not using oauth2 in our project. On Sunday, October 23, 2016 at 6:55:23 PM UTC-5, tony tam wrote: > > Hi, yes, you would create multiple securityDefinition objects--see here > for details >

Re: Defining role/permission security

Cool thanks, I'm planning to use JWT, so the api_key approach def will fit properly! My main problem is that scopes are defined only for OAUTH approach. JWT supports the notion of scopes, so it would be great to see this for api_key as well (or a new profile JWT) what do you think? T Il

Re: Defining role/permission security

Hi, yes, you would create multiple securityDefinition objects--see here for details on that structure. Then, on each operation that is secured, assign the required security, which references

Re: Defining role/permission security

I'm quite interested in this as well! is there any way (within the same swagger file) to create a set of basic endpoints available as open/public API and a superset for private/internal use only. Thanks! Il giorno giovedì 20 ottobre 2016 18:30:11 UTC+1, Diff ha scritto: > > In my API