Multiple security definitions

[Job Weegink]

Hi,

I've configured an API key method and an authorization through Auth0.

Both work fine but not when i try to combine them.

Below is my config for a endpoint.

/api/v1/ping:

get:

summary: Ping the service

security:

- apikey: []

- auth0_jwk: []

This is the security definition for the API key

apikey:

type: "apiKey"

name: "x-api-key"

in: "header"

According to the Open Api specification this should be a OR, so either the API Key or the auth0 needs to be valid.

But it looks like it is checking the auth0 configuration even though I provided a valid API key.

What I already tried.

- Removed the auth0_jwk from the security, then it works

- Added an second API key definition (in query) then I can use both (like how i want it)

Do you have any clue how to setup authentication using an API key and also using auth0?

Regards,

[Wayne Zhang]

We don't support OR in multiple security definitions.  It is documented here

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/7162fb60-77a3-42dc-b727-d11137cb60d5n%40googlegroups.com.

[Job Weegink]

damn, this took some serious hours. 

Will there be support for this in the future?

[Wayne Zhang]

Sorry, unfortunately,  we don't have plans to support it in the near future. 

To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/d2b2428e-1744-44b9-966a-b1732c21f66bn%40googlegroups.com.