Do not default to an empty list if a property is missing in the OpenAPI description #1797
Description
Describe the bug
According to the Operation Object description, The security property should be treated differently depending on whether it was missing or explicitly set to an empty array. If it was an empty array, it should clear the root level security property declaration. If it wasn't provided, the root level declaration applies to the operation.
OpenApi File To Reproduce
openapi: 3.0.0
info:
title: test
version: "1.0"
paths:
/test:
get:
description: description for test path
responses:
'200':
description: test
security: [] #<---- this operation should not use any security. if we remove this, the operation will use the root level security declaration
security:
- apiKey0: [] #<---- root level security declaration
components:
securitySchemes:
apiKey0:
type: apiKey,
name: x-api-key,
in: headerExpected behavior
If the security property is not provided, the value in the library should be null to allow differentiating between missing and empty properties. Another alternative is to allow checking if a property was provided in the document.
Screenshots/Code Snippets
N/A
Additional context