Option to add additional auth headers?

[qLutCh55]

Hello,

I have looked through the documentation, and can't seem to find anywhere where you can define custom headers?

Currently our api is secured using a combination of custom headers namely 'x-api-key' and 'x-api-secret'. I am able to add a single header with the open the following code:

Scramble::extendOpenApi(function (OpenApi $openApi) {
        $openApi->secure(
            SecurityScheme::apiKey('header', 'x-api-key')
        );
    });

but I need to be able to add a second header 'x-api-secret'.

Any suggestions?

Thanks

[romalytvynenko]

Hey @qLutCh55

Any chance you can show me the expected OpenAPI document for your auth setup? Based on that I will be able to help with Scramble's setup.

[qLutCh55]

Hey @romalytvynenko

I was trying to get something like this right:

or

But the idea is that I need more than 1 security header for requests. With the above code, it only takes the first header and ignores the second one.

Regards
Jeandrew

[romalytvynenko]

@qLutCh55 gotcha!

Are you sure this is supported by Open API specification itself?

[qLutCh55]

I'm not sure if it is supported by Open API specification itself. It just seemed to be the closest implementation I could find in the docs for security for the purpose of our project. If you could point me in another direction, I would greatly appreciate it.

[lord-obinna]

i also need this

[romalytvynenko]

@lord-obinna the question remains: is it supported by OpenAPI? If so, can you share the example. If not, I won't be able to help.

[giggsey]

https://swagger.io/docs/specification/authentication/

Isn't it the 'Applying security' supporting multiple:

security:
  - ApiKeyAuth: []
  - OAuth2:
      - read
      - write
      - ```

[romalytvynenko]

@giggsey the issue here is that the auth is done by 2 headers at the same time (you need to pass 2 values to be authenticated) – if I understood correctly. And I did't see this is supported by OpenAPI spec.

[giggsey]

@romalytvynenko Yup, my mistake. I came here looking for multiple auth types in general (e.g. query OR bearer). I'll keep searching and raise a discussion if required.

[romalytvynenko]

@giggsey @lord-obinna @qLutCh55

Scramble now (v0.12.7) supports this!

https://scramble.dedoc.co/usage/authentication#complex-authentication-scenario