feat: Add AND logic support for multiple security schemes (#1129) #1135
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
) - Updated Server Object security field to support array of arrays syntax - Updated Operation Object security field with AND/OR logic support - Updated Operation Trait Object security field with AND/OR logic support - Added comprehensive example demonstrating AND logic usage - Added documentation explaining OR vs AND security logic - Maintains backward compatibility with existing single-level arrays Fixes asyncapi#1129
GaneshPatil7517
requested review from
GreenRover,
asyncapi-bot-eve,
char0n,
dalelane,
derberg and
fmvilas
as code owners
Contributor
|
We require all PRs to follow Conventional Commits specification. |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Welcome to AsyncAPI. Thanks a lot for creating your first pull request. Please check out our contributors guide useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR implements support for AND logic between multiple security schemes in AsyncAPI 3.x, addressing issue #1129.
Problem
Currently, AsyncAPI 3.x only allows expressing OR semantics when multiple security schemes are specified in the security array. This means "any one of these schemes satisfies the requirement." However, there's no way to express that multiple schemes must be satisfied simultaneously (AND logic), which is a common real-world scenario.
For example, you cannot currently express: "Require BOTH OAuth2 AND API Key" or "Require user authentication AND client certificate."
Solution
This PR introduces support for nested array syntax to enable AND logic while maintaining backward compatibility:
Single-level array (existing): OR logic - any one scheme is sufficient
Nested arrays (new): Outer array = OR, Inner array = AND - all schemes in an inner array must be satisfied
Syntax Examples
OR logic (existing - unchanged):
security:
Meaning: OAuth2 AND API Key
AND logic (new):
security:
Combined OR and AND:
security:
Meaning: (OAuth2 AND API Key) OR Basic Auth
Changes Made
✅ Updated Server Object security field documentation to support array of arrays syntax
✅ Updated Operation Object security field with AND/OR logic support
✅ Updated Operation Trait Object security field with AND/OR logic support
✅ Added comprehensive example: operation-security-and-logic-asyncapi.yml
✅ Added documentation in operation-security-asyncapi.yml explaining OR vs AND logic
✅ Maintains 100% backward compatibility with existing single-level arrays
Backward Compatibility
This change is fully backward compatible. Existing AsyncAPI documents using single-level arrays will continue to work exactly as before with OR semantics. The nested array syntax is purely additive.
Testing
Added two example files demonstrating the feature:
operation-security-and-logic-asyncapi.yml - Shows AND logic usage
Updated operation-security-asyncapi.yml - Documents OR vs AND comparison
Fixes
Fixes #1129
@rahmathm1