feat: add security field at the operation level #445
Conversation
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Welcome to AsyncAPI. Thanks a lot for creating your first pull request. Please check out our contributors guide useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.
|
Kudos, SonarCloud Quality Gate passed!
|
LokeshRishi3
changed the title
|
@LokeshRishi3 hey, thanks a lot for this one. Are you also coming from ebay with the same use case we discuss in the proposal? So far your PR follows approach when on operation level, only operation security applies, but we are getting conclusions there that server security might apply too, so Please join discussion asyncapi/spec#584 |
|
@derberg Yes! 🙂
Also, I realized that I did not add additional tests for the |
|
yes, you need to wait for the outcome from the |
Description
We are using AsyncAPI specifications for publishing the subscriber specific details of our topics and associated payloads for our HTTP push use cases.
Our subscribable channels(or topics) are protected by a set of OAuth scopes (authorization code or client credentials) - that a potential subscriber needs to be aware of.
Here is a sample contract.
We are able to accommodate almost every detail of interest to an integrator/subscriber (THANK YOU) - with the exception of being able to call out the oauth scopes necessary for the subscription to the topic - i.e. the security aspect at the channel or rather channel/operation level.
The current specification is perhaps more aligned with a broker based topology - but ours is a pure push use case (to registered webhooks) and we need an ability to call out any security aspects at the channel operation level.
Related issue(s)
Resolves #434