Hi, great project, I have found it to be very useful.
I have been having some trouble with documenting a bearer token authorization used by a single endpoint. Because only one endpoint makes use of this particular authentication scheme, I want to define it with the @swagger_auto_schema decorator. I see that there is a security parameter, but I am unable to find any examples of it being used out in the wild. How should security definitions be formatted at this level? I have tried a few reasonable formats without success. The type hint isn't really enough information to go off of.
Here is what I tried:
@swagger_auto_schema(operation_id="foo",
security=[
{
"foo key": {
"type": "apiKey",
"name": "api_key",
"in": "header"
}
}
],
...
...
This results in a blank authorization field appearing in operation foo without any errors or warnings.
You first have to define a Security Definition object, no matter how many endpoints use it. The related drf-yasg setting for this is SECURITY_DEFINITIONS.
You may then specify a list of Security Requirement objects either as a default in SECURITY_REQUIREMENTS, or on a per-operation basis using the security argument.
Security requirements reference security schemes by their security definitions name.
Most helpful comment
You first have to define a Security Definition object, no matter how many endpoints use it. The related drf-yasg setting for this is SECURITY_DEFINITIONS.
You may then specify a list of Security Requirement objects either as a default in SECURITY_REQUIREMENTS, or on a per-operation basis using the
securityargument.Security requirements reference security schemes by their security definitions name.