is it possible to describe both implicit and application oauth flows without duplicating scope #510
Description
similar to #37 but I think not exactly the same.
Is it possible to describe with Swagger an API that allows you to use EITHER the implicit OR the application OAuth2 flows, where each have the same options for scopes? Using the swagger-ui, it seems to me that the scopes aren't deduplicated.
For example given this definition:
"securityDefinitions": {
"oauth_code": {
"type": "oauth2",
"authorizationUrl": "dmm_api/authorize",
"flow": "application",
"tokenUrl": "dmm_api/create_token",
"scopes": {
"create:identifer": "create an identifier"
}
},
"oauth_app": {
"type": "oauth2",
"authorizationUrl": "dmm_api/authorize",
"flow": "implicit",
"scopes": {
"create:identifer": "create an identifier"
}
}
},
"paths": {
"/dmm_api/item/create": {
"post": {
"description": "Creates a new item",
"operationId": "createItem",
"tags":[ "identifier"],
"parameters":[ {
"name": "comment", "type": "string"
}],
"security":[ {
"oauth_code":[ "create:identifier"]
},
{
"oauth_app":[ "create:identifier"]
}]
}
}
}
the swagger-ui interprets these as two different scopes.
I might be misunderstanding either swagger or oauth here though...
thanks!