2

I have an openapi.yml that I edit with IntelliJ.

When I preview the file using the OpenApi Editor plugin (with redoc), there is an authentication section (literally <div id="section/authentication" ...) that shows the auth options from components/securitySchemes.

When I view the same file using my standalone html page, this section does not appear

<!DOCTYPE html>
<html>
  <head>
    <title>Redoc</title>
    <!-- needed for adaptive design -->
    <meta charset="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <link
      href="https://fonts.googleapis.com/css?family=Montserrat:300,400,700|Roboto:300,400,700"
      rel="stylesheet"
    />

    <!--
    Redoc doesn't change outer page styles
    -->
    <style>
      body {
        margin: 0;
        padding: 0;
      }
    </style>
  </head>
  <body>
    <!--
    Redoc element with link to your OpenAPI definition
    -->
    <redoc spec-url="openapi.yml"></redoc>
    <!--
    Link to Redoc JavaScript on CDN for rendering standalone element
    -->
    <script src="https://cdn.redoc.ly/redoc/latest/bundles/redoc.standalone.js"></script>
  </body>
</html>

MWE openapi.yml

openapi: '3.0.3'
info:
  version: '2.0.0'
  title: My Api
paths:
  /bob:
    get:
      responses:
        '200':
          description: ok
components:
  securitySchemes:
    Basic:
      type: http
      scheme: basic
    OAuth2:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: /oauth2
          refreshUrl: /oauth2
          scopes:
            bob: bob
security:
  - Basic: []
  - OAuth2:
     - bob

What could be causing this? How can I make the section appear?

Cephalopod
  • 14,632
  • 7
  • 51
  • 70

2 Answers2

2

The security definitions section have been moved to each operations. To use the old behavior (with a security definition under the Authentication section), you must add the following tag where you want the section to appear in the global description field : <SecurityDefinitions />

nalmada
  • 472
  • 4
  • 8
  • There is a PR opened right now ( https://github.com/Redocly/redoc/pull/2075 ) that should restore the previous behavior, so adding the tag should not be needed in the future – nalmada Jul 08 '22 at 15:48
0

securitySchemes alone are not enough, this section defines the available security schemes but does not apply them.

To actually apply security schemes to your API, you need to add the security section on the root level or to individual operations:

openapi: 3.0.3
...

components:
  securitySchemes:
    ...

# Either Basic auth or OAuth 2.0 is required
security:
  - Basic: []
  - OAuth2:
     - bob
Helen
  • 87,344
  • 17
  • 243
  • 314
  • I already tried that, same outcome – Cephalopod Jun 20 '22 at 19:39
  • I can't reproduce the issue after adding the `security` section on the root level of the `openapi.yaml` file. Your sample HTML page renders the Authorizations section as expected in this case: https://i.stack.imgur.com/a311R.png. Have you tried clearing your browser cache just in case? Are there any errors in the browser console? – Helen Jun 20 '22 at 20:01
  • 1
    Ah, I wasnt talking about this little insert, but about a whole section at the top of the page. I finally found some documentation on it https://redocly.com/docs/redoc/security-definitions-injection/ – Cephalopod Jun 20 '22 at 20:45