Skip to content

Define required scopes per Path #1014

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
rxdiscovery opened this issue Mar 31, 2025 · 0 comments
Open

Define required scopes per Path #1014

rxdiscovery opened this issue Mar 31, 2025 · 0 comments
Labels
enhancement New feature or request

Comments

@rxdiscovery
Copy link

Hello,

Description of the feature

Would it be possible to have the ability to define required scopes per Path/Endpoint?

For example, define the scopes at the level of #[oai] like this:

#[oai(
        path = "/secure",
        method = "get",
        scopes = ["read", "write"]]
    )]
async fn secure_endpoint(&self) -> PlainText<String>

And have a Swagger definition like this:

openapi: 3.0.3
info:
  title: Example API with Scopes per Path
  version: 1.0.0
components:
  securitySchemes:
    oauth2:
      type: oauth2
      flows:
        clientCredentials:
          tokenUrl: https://example.com/oauth/token
          scopes:
            read: Read permission
            write: Write permission
            admin: Administration permission
paths:
  /secure:
    get:
      summary: Secure Endpoint
      security:
        - oauth2: [read, write]  # Requires ALL scopes "read" AND "write"
      responses:
        '200':
          description: Success
  /flexible:
    get:
      summary: Flexible Endpoint
      security:
        - oauth2: [read]        # Option 1: Requires "read"
        - oauth2: [write]       # Option 2: Requires "write" (OR logic)
      responses:
        '200':
          description: Success
  /admin:
    get:
      summary: Admin Endpoint
      security:
        - oauth2: [admin]       # Requires only "admin"
      responses:
        '200':
          description: Success

This is a very important feature, especially if we want to create enterprise-grade APIs.

Thank you in advance 🥇
@rxdiscovery rxdiscovery added the enhancement New feature or request label Mar 31, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rxdiscovery