feat: Add AND logic support for multiple security schemes (#1129)#1135
feat: Add AND logic support for multiple security schemes (#1129)#1135GaneshPatil7517 wants to merge 1 commit into
Conversation
) - Updated Server Object security field to support array of arrays syntax - Updated Operation Object security field with AND/OR logic support - Updated Operation Trait Object security field with AND/OR logic support - Added comprehensive example demonstrating AND logic usage - Added documentation explaining OR vs AND security logic - Maintains backward compatibility with existing single-level arrays Fixes asyncapi#1129
GaneshPatil7517
requested review from
GreenRover,
asyncapi-bot-eve,
char0n,
dalelane,
derberg and
fmvilas
as code owners
|
We require all PRs to follow Conventional Commits specification. |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Welcome to AsyncAPI. Thanks a lot for creating your first pull request. Please check out our contributors guide useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.
|
|
@GaneshPatil7517 we are good to go forward here. In order to move to stage 2 you need to fulfill some requirements: https://github.com/asyncapi/spec/blob/master/CONTRIBUTING.md#stage-2-draft Also please clearly state who's championing this proposal, you or @rahmathm1 |
3 participants
This PR implements support for AND logic between multiple security schemes in AsyncAPI 3.x, addressing issue #1129.
Problem
Currently, AsyncAPI 3.x only allows expressing OR semantics when multiple security schemes are specified in the security array. This means "any one of these schemes satisfies the requirement." However, there's no way to express that multiple schemes must be satisfied simultaneously (AND logic), which is a common real-world scenario.
For example, you cannot currently express: "Require BOTH OAuth2 AND API Key" or "Require user authentication AND client certificate."
Solution
This PR introduces support for nested array syntax to enable AND logic while maintaining backward compatibility:
Single-level array (existing): OR logic - any one scheme is sufficient
Nested arrays (new): Outer array = OR, Inner array = AND - all schemes in an inner array must be satisfied
Syntax Examples
OR logic (existing - unchanged):
security:
Meaning: OAuth2 AND API Key
AND logic (new):
security:
Combined OR and AND:
security:
Meaning: (OAuth2 AND API Key) OR Basic Auth
Changes Made
✅ Updated Server Object security field documentation to support array of arrays syntax
✅ Updated Operation Object security field with AND/OR logic support
✅ Updated Operation Trait Object security field with AND/OR logic support
✅ Added comprehensive example: operation-security-and-logic-asyncapi.yml
✅ Added documentation in operation-security-asyncapi.yml explaining OR vs AND logic
✅ Maintains 100% backward compatibility with existing single-level arrays
Backward Compatibility
This change is fully backward compatible. Existing AsyncAPI documents using single-level arrays will continue to work exactly as before with OR semantics. The nested array syntax is purely additive.
Testing
Added two example files demonstrating the feature:
operation-security-and-logic-asyncapi.yml - Shows AND logic usage
Updated operation-security-asyncapi.yml - Documents OR vs AND comparison
Fixes
Fixes #1129
@rahmathm1