Logical OR for OAuth2 security scheme is not displayed correctly in authorization #10124

Open
KristinaB162 opened this issue Sep 9, 2024 · 0 comments

Q&A

  • Method of installation: npm
  • Swagger-UI (dist) version: 5.15.2
  • Swagger/OpenAPI version: OpenAPI 3.0.3

Content & configuration

Example Swagger/OpenAPI definition, relying on your example:

security: 
  - oAuth2: 
    - read_write_pets
    - read_pets
paths:
  /pets:
    get:
      summary: Get all pets
      security: 
        - oAuth2: 
          - read_write_pets
        - oAuth2:
          - read_pets

Describe the bug you're encountering

As described in OAI/OpenAPI-Specification#3001, scopes can be expressed in different ways to illustrate logical relationships in an OpenAPI spec.

In the example YAML, the GET request is now implemented with the logical OR of the OpenAPI specification. This means that read or read-write authorization is required. In the Swagger UI, only the first specified scope is then visible when authorizing for the given path.

To reproduce...

Steps to reproduce the behavior:

  1. Create a path in a YAML file with a security scheme that has two logical scopes ORed together
  2. Open the file in Swagger UI
  3. Click on the open lock for this modified path
  4. See that there is only one scope (the first one)

Expected behavior

The expectation here is that both scopes are visible and that they are linked with a logical OR. This means that I do not necessarily need both to use this path.
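
The OR/AND semantics this report relies on, as an added example that is not part of the original issue and not Swagger UI's code. The `spec` object is constructed from the YAML above; the `post` operation and the function names `effectiveSecurity`, `isAuthorized` and `describe` are hypothetical, added for illustration.

```javascript
// Constructed from the issue's YAML: the root requirement needs both scopes,
// while GET /pets lists two alternative requirements.
const spec = {
  security: [{ oAuth2: ["read_write_pets", "read_pets"] }],
  paths: {
    "/pets": {
      get: {
        security: [{ oAuth2: ["read_write_pets"] }, { oAuth2: ["read_pets"] }],
      },
      post: {}, // hypothetical operation with no override; inherits the root list
    },
  },
};

// An operation-level `security` list replaces the root-level list (no merging).
function effectiveSecurity(doc, path, method) {
  const op = doc.paths?.[path]?.[method];
  if (!op) throw new Error(`unknown operation: ${method} ${path}`);
  return op.security ?? doc.security ?? [];
}

// granted: { schemeName: [scopes the caller's token holds] }
function isAuthorized(requirements, granted) {
  if (requirements.length === 0) return true; // nothing declared
  // Entries of the list are alternatives (OR) ...
  return requirements.some((req) =>
    // ... schemes within one entry, and scopes within one scheme, are all required (AND).
    Object.entries(req).every(([scheme, scopes]) => {
      const held = granted[scheme];
      return Array.isArray(held) && scopes.every((s) => held.includes(s));
    })
  );
}

// Text form of what an authorization dialog has to convey for an operation.
function describe(requirements) {
  return requirements
    .map((req) =>
      Object.entries(req)
        .map(([scheme, scopes]) => `${scheme}[${scopes.join(" AND ")}]`)
        .join(" AND ")
    )
    .join(" OR ");
}
```

For `GET /pets`, a token holding only `read_pets` passes `isAuthorized`, which is why showing just the first alternative in the dialog misrepresents what the operation accepts.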
