Open
1 of 1 issue completed
Description
I want to echo issue #1637
There could be multiple authentication headers, for example: api key and secret key. Both of those add something to the user object independently of each other.
It seems very strange to allow multiple returns from the Security tag, but then NOT merge the user object together.
Solution
@daxadal identified the correct solution:
// routes.ts (Auto-generated)
secMethodOrPromises.push(
Promise.all(secMethodAndPromises).then((users) => {
return users.reduceRight((prev, current) => ({ ...prev, ...current }));
})
Workarounds
You can build up a temp object and then use a middleware to set that to user. However that is not ideal as that temp object is going to get populated with variables from other @Security tags potentially leading to security vulnerabilities. So the best way is to do this inside of TSOA at the security group level.