You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
First Issue to this repo, so I hope I have included the needed information for my proposal. I am unsure of corporate policy for contributing to libraries like this, or I would send a PR.
Issue
The OpenAPI V3 spec supports optional authentication. Meaning that authentication can happen, but is not required. Unfortunately, there is no "out of the box" implementation, of this feature.
Related Issue
A custom class cannot be created and fed to SecurityRequirementsOperationFilter<T> if the endpoint has an "AllowAnonymousAttribute", since that stops all further processing.
Ideal Proposal
If a class has both and "AllowAnonymousAttribute":
Add the security scheme as currently done.
Add an empty security scheme.
If includeUnauthorizedAndForbiddenResponses is true, only add the "Forbidden" response.
Alternate Proposal
Use a constructor parameter to determine if the "AllowAnonymousAttribute" check runs. Same as how includeUnauthorizedAndForbiddenResponses works now.
The text was updated successfully, but these errors were encountered:
Hello
Sorry for the slow reply. I wouldn't want to change the existing behaviour, so your alternate proposal to supply a constructor parameter sounds like the correct approach. It should be a small change.
First Issue to this repo, so I hope I have included the needed information for my proposal. I am unsure of corporate policy for contributing to libraries like this, or I would send a PR.
Issue
The OpenAPI V3 spec supports optional authentication. Meaning that authentication can happen, but is not required. Unfortunately, there is no "out of the box" implementation, of this feature.
Related Issue
A custom class cannot be created and fed to
SecurityRequirementsOperationFilter<T>
if the endpoint has an "AllowAnonymousAttribute", since that stops all further processing.Ideal Proposal
If a class has both and "AllowAnonymousAttribute":
includeUnauthorizedAndForbiddenResponses
is true, only add the "Forbidden" response.Alternate Proposal
Use a constructor parameter to determine if the "AllowAnonymousAttribute" check runs. Same as how
includeUnauthorizedAndForbiddenResponses
works now.The text was updated successfully, but these errors were encountered: