OpenAPI Authentication and Authorization: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
 
(One intermediate revision by the same user not shown)
Line 10: Line 10:
* HTTP authentication schemes, based on the <code>Authorization</code> header.
* HTTP authentication schemes, based on the <code>Authorization</code> header.
** Basic
** Basic
** Bearer token
** [[#Bearer|Bearer token]]
** Other schemes defined by RFC7245.
** Other schemes defined by RFC7245.
* API keys in headers, query strings and cookies.
* API keys in headers, query strings and cookies.
Line 16: Line 16:
* OAuth 2
* OAuth 2
* OpenID Connect Discovery.
* OpenID Connect Discovery.
=HTTP Authentication=
==Bearer==

Latest revision as of 17:07, 2 November 2023

External

Internal

Overview

This applies to OpenAPI 3.0.

OpenAPI uses the term security scheme for authentication and authorization schemes. OpenAPI 3.0 supports the following security schemes:

  • HTTP authentication schemes, based on the Authorization header.
  • API keys in headers, query strings and cookies.
    • Cookie authentication.
  • OAuth 2
  • OpenID Connect Discovery.

HTTP Authentication

Bearer