OpenAPI Authentication and Authorization: Difference between revisions
Jump to navigation
Jump to search
(Created page with "=External= * https://swagger.io/docs/specification/authentication =Internal= * Open API =Overview= This applies to OpenAPI 3.0. O...") |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 10: | Line 10: | ||
* HTTP authentication schemes, based on the <code>Authorization</code> header. | * HTTP authentication schemes, based on the <code>Authorization</code> header. | ||
** Basic | ** Basic | ||
** Bearer | ** [[#Bearer|Bearer token]] | ||
** Other schemes defined by RFC7245. | ** Other schemes defined by RFC7245. | ||
* API keys in headers, query strings and cookies. | * API keys in headers, query strings and cookies. | ||
| Line 16: | Line 16: | ||
* OAuth 2 | * OAuth 2 | ||
* OpenID Connect Discovery. | * OpenID Connect Discovery. | ||
=HTTP Authentication= | |||
==Bearer== | |||
Latest revision as of 17:07, 2 November 2023
External
Internal
Overview
This applies to OpenAPI 3.0.
OpenAPI uses the term security scheme for authentication and authorization schemes. OpenAPI 3.0 supports the following security schemes:
- HTTP authentication schemes, based on the
Authorizationheader.- Basic
- Bearer token
- Other schemes defined by RFC7245.
- API keys in headers, query strings and cookies.
- Cookie authentication.
- OAuth 2
- OpenID Connect Discovery.