
OAuth2 Scopes Usage

Lei Tao edited this page Aug 17, 2017 · 3 revisions

If you define securityDefinitions in your Swagger spec, for example:

securityDefinitions:
  OAuth2:
    type: oauth2
    flow: password
    tokenUrl: https://api.guokr.com/oauth/token
    scopes:
      open: open resource
      login: login_required resource

then the scopes open and login are available to protect your operations. Defining them alone protects nothing; an operation is protected only once it references them in its security section.

Assuming the following Operation Object definition:

paths:
  /pets:
    get:
      summary: List all pets
      operationId: listPets
      tags:
        - pets
      parameters:
        - name: limit
          in: query
          description: How many items to return at one time (max 100)
          required: false
          type: integer
          format: int32
      responses:
        "200":
          description: A paged array of pets
          headers:
            x-next:
              type: string
              description: A link to the next page of responses
          schema:
            $ref: '#/definitions/Pets'
        default:
          description: unexpected error
          schema:
            $ref: '#/definitions/Error'
      security:
        - OAuth2: ['open']

This means GET /pets is accessible only if the current visitor holds the scope open. Note that the security list is evaluated per operation, so a visitor who holds open but not login can still be refused by another operation that requires login.

You have to implement current_scopes yourself in example-app/demo/v1/__init__.py (taking the Flask demo as the example). The generated stub returns an empty list, which grants no scope at all, so every scope-protected operation is refused until you replace it:

@security.scopes_loader
def current_scopes():
    # Resolve the scopes granted to the current visitor, for example by
    # looking up the bearer token from the Authorization header.
    # Return a list of scope names, e.g. ['open', 'login'] for a logged-in
    # user; the empty list means the visitor holds no scope.
    return []
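The following is an added, self-contained illustration of the whole flow described above: a scopes loader that resolves the visitor's scopes from a bearer token, and the check that compares them with an operation's security requirement. It is not swagger-py-codegen's generated code. The Security class is a minimal stand-in for the `security` object the page decorates, the TOKENS table and the `_request` dictionary (standing in for Flask's request) are constructed for the demo, and the `authorize` and `alternative_satisfied` functions are hypothetical names. It goes beyond the page's single case by handling the general Swagger 2.0 semantics of the security list: alternatives are OR'd, scopes inside one alternative are all required, and an empty list means the operation is open.

```python
"""Added example: checking a Swagger 2.0 `security` requirement against
the scopes returned by a scopes loader. Not the project's own code."""

# Constructed token store for the demo. A real loader would introspect the
# token issued by the tokenUrl of the OAuth2 definition, or decode a JWT.
TOKENS = {
    "tok-open": ["open"],
    "tok-user": ["open", "login"],
}


class Security(object):
    """Hypothetical stand-in for the `security` object used on the page."""

    def __init__(self):
        self._loader = lambda: []

    def scopes_loader(self, func):
        """Register the function that yields the current visitor's scopes."""
        self._loader = func
        return func

    @property
    def scopes(self):
        return set(self._loader())


security = Security()

# Simulated request context; a Flask app would read flask.request.headers.
_request = {"headers": {}}


@security.scopes_loader
def current_scopes():
    """Resolve the visitor's scopes from `Authorization: Bearer <token>`."""
    auth = _request["headers"].get("Authorization", "")
    scheme, _, token = auth.partition(" ")
    if scheme.lower() != "bearer" or not token:
        return []
    return TOKENS.get(token, [])


def alternative_satisfied(alternative, granted):
    """One entry of the `security` list: every listed scope is required."""
    for scheme, scopes in alternative.items():
        if scheme != "OAuth2":
            # Only the OAuth2 scheme from the page's securityDefinitions exists.
            return False
        if not set(scopes) <= granted:
            return False
    return True


def authorize(operation_security, headers):
    """Return the HTTP status a guard would produce for this request.

    `operation_security` is the operation's `security` value, e.g.
    [{"OAuth2": ["open"]}] for GET /pets. Any satisfied alternative grants
    access; an empty list means no authentication is needed.
    """
    _request["headers"] = headers
    granted = security.scopes
    if not operation_security:
        return 200
    if any(alternative_satisfied(alt, granted) for alt in operation_security):
        return 200
    # No usable credential at all -> 401; credential lacking the scope -> 403.
    return 401 if not granted else 403


# The requirement from the GET /pets operation on the page.
LIST_PETS_SECURITY = [{"OAuth2": ["open"]}]

if __name__ == "__main__":
    print(authorize(LIST_PETS_SECURITY, {}))                                   # 401
    print(authorize(LIST_PETS_SECURITY, {"Authorization": "Bearer tok-open"}))  # 200
    print(authorize([{"OAuth2": ["open", "login"]}],
                    {"Authorization": "Bearer tok-open"}))                      # 403
```

The 401/403 split is a design choice the page does not prescribe: a request that yields no scopes at all (no header, wrong scheme, unknown token) is treated as unauthenticated, while a valid token that simply lacks the required scope is forbidden. Keep the loader free of side effects; the `scopes` property calls it on every check.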