LukeParke/openapi-types
1
0
Fork 0
mirror of https://github.com/LukeHagar/openapi-types.git synced 2025-12-06 04:20:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5685fc279692ff1df11a5ac5535be8d42c6af43f
openapi-types/2.0/security.ts
Luke Hagar 5685fc2796 Prettier formatting
2025-10-01 19:33:18 +00:00

237 lines
7.7 KiB
TypeScript
Raw Blame History

import type { Extension } from "./extensions";
/**
* Security Scheme Object
*
* Defines a security scheme that can be used by the operations. Supported schemes
* are basic authentication, an API key (either as a header or as a query parameter)
* and OAuth2's common flows (implicit, password, application and access code).
*
* @see https://swagger.io/specification/v2/#security-scheme-object
* @example
* ```typescript
* // API Key authentication
* const apiKeyScheme: SecurityScheme = {
* type: "apiKey",
* name: "X-API-Key",
* in: "header",
* description: "API key for authentication"
* }
*
* // OAuth2 with authorization code flow
* const oauth2Scheme: SecurityScheme = {
* type: "oauth2",
* flow: "accessCode",
* authorizationUrl: "https://example.com/oauth/authorize",
* tokenUrl: "https://example.com/oauth/token",
* scopes: {
* "read": "Read access to resources",
* "write": "Write access to resources"
* }
* }
*
* // Basic authentication
* const basicScheme: SecurityScheme = {
* type: "basic",
* description: "HTTP Basic Authentication"
* }
* ```
*/
export interface SecurityScheme extends Extension {
/**
* The type of the security scheme. Valid values are "basic", "apiKey" or "oauth2".
* This field is required.
*
* - **basic**: Basic HTTP authentication
* - **apiKey**: API key authentication (header or query parameter)
* - **oauth2**: OAuth 2.0 authentication
*
* @see {@link https://swagger.io/specification/v2/#security-scheme-object | Swagger 2.0 Specification - type}
*
* @example "apiKey"
* @example "oauth2"
* @example "basic"
*/
type: "basic" | "apiKey" | "oauth2";
/**
* A short description for security scheme. GFM syntax can be used for rich text representation.
*
* @see {@link https://swagger.io/specification/v2/#security-scheme-object | Swagger 2.0 Specification - description}
*
* @example "API key for authentication"
* @example "OAuth 2.0 with authorization code flow"
*/
description?: string;
/**
* The name of the header or query parameter to be used. This field is required
* for apiKey type and applies to apiKey type only.
*
* @see {@link https://swagger.io/specification/v2/#security-scheme-object | Swagger 2.0 Specification - name}
*
* @example "X-API-Key"
* @example "Authorization"
*/
name?: string;
/**
* The location of the API key. This field is required for apiKey type and
* applies to apiKey type only. Valid values are "query" or "header".
*
* @see {@link https://swagger.io/specification/v2/#security-scheme-object | Swagger 2.0 Specification - in}
*
* @example "header"
* @example "query"
*/
in?: "query" | "header";
/**
* The flow used by the OAuth2 security scheme. This field is required for
* oauth2 type and applies to oauth2 type only. Valid values are "implicit",
* "password", "application" or "accessCode".
*
* - **implicit**: Implicit flow
* - **password**: Resource owner password credentials flow
* - **application**: Client credentials flow
* - **accessCode**: Authorization code flow
*
* @see {@link https://swagger.io/specification/v2/#security-scheme-object | Swagger 2.0 Specification - flow}
*
* @example "accessCode"
* @example "implicit"
* @example "password"
*/
flow?: "implicit" | "password" | "application" | "accessCode";
/**
* The authorization URL to be used for this flow. This SHOULD be in the form of
* a URL. This field is required for oauth2 type and applies to oauth2 type only.
*
* @see {@link https://swagger.io/specification/v2/#security-scheme-object | Swagger 2.0 Specification - authorizationUrl}
*
* @example "https://example.com/oauth/authorize"
* @example "https://api.example.com/oauth/authorize"
*/
authorizationUrl?: string;
/**
* The token URL to be used for this flow. This SHOULD be in the form of a URL.
* This field is required for oauth2 type and applies to oauth2 type only.
*
* @see {@link https://swagger.io/specification/v2/#security-scheme-object | Swagger 2.0 Specification - tokenUrl}
*
* @example "https://example.com/oauth/token"
* @example "https://api.example.com/oauth/token"
*/
tokenUrl?: string;
/**
* The available scopes for the OAuth2 security scheme. The key is the scope name
* and the value is a short description of the scope. This field is required for
* oauth2 type and applies to oauth2 type only.
*
* @see {@link https://swagger.io/specification/v2/#security-scheme-object | Swagger 2.0 Specification - scopes}
*
* @example { "read": "Read access to resources", "write": "Write access to resources" }
* @example { "admin": "Administrative access" }
*/
scopes?: Scopes;
}
/**
* Scopes Object
*
* Lists the available scopes for an OAuth2 security scheme.
*
* @see https://swagger.io/specification/v2/#scopes-object
* @example
* ```typescript
* const scopes: Scopes = {
* "write:pets": "modify pets in your account",
* "read:pets": "read your pets"
* }
* ```
*/
export interface Scopes {
/**
* Maps between a name of a scope to a short description of it (as the value of the property).
* The key is the scope name and the value is a short description of the scope.
*
* @see {@link https://swagger.io/specification/v2/#scopes-object | Swagger 2.0 Specification - scopes}
*
* @example { "read": "Read access to resources", "write": "Write access to resources" }
* @example { "admin": "Administrative access" }
*/
[scopeName: string]: string;
}
/**
* Security Requirement Object
*
* Lists the required security schemes to execute this operation. The object can have
* multiple security schemes declared in it which are all required (that is, there is
* a logical AND between the schemes). The name used for each property MUST correspond
* to a security scheme declared in the Security Definitions.
*
* @see https://swagger.io/specification/v2/#security-requirement-object
* @example
* ```typescript
* // Non-OAuth2 Security Requirement
* const nonOAuth2Security: SecurityRequirement = {
* "api_key": []
* }
*
* // OAuth2 Security Requirement
* const oauth2Security: SecurityRequirement = {
* "petstore_auth": [
* "write:pets",
* "read:pets"
* ]
* }
* ```
*/
export interface SecurityRequirement {
/**
* Each name must correspond to a security scheme which is declared in the Security Definitions.
* If the security scheme is of type "oauth2", then the value is a list of scope names
* required for the execution. For other security scheme types, the array MUST be empty.
*
* @see {@link https://swagger.io/specification/v2/#security-requirement-object | Swagger 2.0 Specification - security requirement}
*
* @example { "api_key": [] }
* @example { "oauth2": ["read", "write"] }
*/
[schemeName: string]: string[];
}
/**
* Security Definitions Object
*
* A declaration of the security schemes available to be used in the specification.
* This does not enforce the security schemes on the operations and only serves to
* provide the relevant details for each scheme.
*
* @see https://swagger.io/specification/v2/#security-definitions-object
* @example
* ```typescript
* const securityDefinitions: SecurityDefinitions = {
* "api_key": {
* "type": "apiKey",
* "name": "api_key",
* "in": "header"
* },
* "petstore_auth": {
* "type": "oauth2",
* "authorizationUrl": "http://swagger.io/api/oauth/dialog",
* "flow": "implicit",
* "scopes": {
* "write:pets": "modify pets in your account",
* "read:pets": "read your pets"
* }
* }
* }
* ```
*/
export type SecurityDefinitions = Record<string, SecurityScheme>;
Reference in New Issue View Git Blame Copy Permalink