@JMLX42 JMLX42 commented Sep 14, 2025

Description

Adds visual display of required security scopes/requirements inline for each API endpoint, addressing the long-standing issue #5062.

Motivation

Resolves #5062 - Users need to see which security scopes (OAuth2, OpenID, etc.) are required for each endpoint without clicking the padlock icon. This has been a highly requested feature for years.

Changes

  • Added ScopeDisplay component to show security requirements inline next to the padlock icon
  • Integrated component into OperationSummary
  • Added styling for scope badges with proper visual hierarchy
  • Enhanced auth selectors with getSecurityRequirementsForOperation for better scope extraction
  • Added comprehensive unit tests for the new component

Features

  • ✅ Supports ALL security schemes (OAuth2, OpenID Connect, API Key, Bearer, Basic, etc.)
  • ✅ Displays scopes/requirements clearly with colored badges
  • ✅ Shows AND/OR logic for multiple security requirements
  • ✅ Indicates optional authentication
  • ✅ Responsive design for mobile devices
  • ✅ Non-intrusive UI that complements existing padlock icon

Screenshots

The feature displays security requirements inline:

  • OAuth2 scopes shown as badges (e.g., "OAuth2 (read:users, write:users)")
  • Multiple auth options shown with OR operator
  • Combined requirements shown with + operator
  • Optional auth clearly marked

Testing

  • Unit tests added for all component scenarios
  • Tested with various OpenAPI specs including:
    • OAuth2 with multiple scopes
    • OpenID Connect
    • API Key authentication
    • Bearer/JWT tokens
    • Basic authentication
    • Complex AND/OR combinations
    • Optional security

Breaking Changes

None - feature is backward compatible and doesn't affect existing functionality.

Checklist

  • Code follows project style guidelines
  • Unit tests added and passing
  • No breaking changes
  • Feature works with all security scheme types
  • Responsive design implemented

- Created ScopeDisplay component to show security requirements inline
- Supports all security schemes (OAuth2, OpenID, API Key, Bearer, Basic, etc.)
- Shows scopes/requirements next to the padlock icon for each endpoint
- Displays AND/OR logic clearly for multiple security schemes
- Added responsive styling with badges and scope pills
- Includes comprehensive unit tests

Addresses long-standing issue swagger-api#5062 - users can now see required
scopes at a glance without clicking the padlock icon.
@JMLX42 force-pushed the feature/display-endpoint-security-scopes branch from ea4217d to a8bcec5 on September 14, 2025 14:54
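
As an added example (not code from this pull request or from swagger-ui): one way to turn an OpenAPI 3 `security` array into the kind of inline summary the description lists, with `+` for combined requirements, `OR` for alternatives and a marker for optional auth. The function names, the output wording and the sample spec are assumptions; the example also covers an operation-level `security: []`, which removes a global requirement.

```javascript
// Added illustration: renders an OpenAPI 3 `security` array as a one-line summary.
// Function names and output wording are assumptions modelled on the PR description.

// Operation-level `security` overrides the document-level default, even when it is [].
function effectiveSecurity(spec, operation) {
  return operation.security !== undefined ? operation.security : (spec.security || []);
}

// Label for one scheme in a requirement object, e.g. "OAuth2 (read:users, write:users)".
function describeScheme(name, scopes, schemes) {
  const def = schemes[name];
  if (!def) return `${name} (undefined scheme)`; // dangling reference: surface it, do not hide it
  const kinds = { oauth2: "OAuth2", openIdConnect: "OpenID Connect", apiKey: "API Key" };
  let kind = kinds[def.type] || def.type;
  if (def.type === "http") {
    const s = (def.scheme || "").toLowerCase(); // HTTP auth scheme names are case-insensitive
    kind = s === "bearer" ? "Bearer" : s === "basic" ? "Basic" : `HTTP ${s}`;
  }
  return scopes.length ? `${kind} (${scopes.join(", ")})` : kind;
}

// Array entries are alternatives (OR); keys inside one entry are all required (+).
// An empty object {} among the entries means anonymous access is allowed (optional auth).
function summarizeSecurity(spec, operation) {
  const schemes = (spec.components && spec.components.securitySchemes) || {};
  const requirements = effectiveSecurity(spec, operation);
  const optional = requirements.some((req) => Object.keys(req).length === 0);
  const alternatives = requirements
    .filter((req) => Object.keys(req).length > 0)
    .map((req) => Object.entries(req)
      .map(([name, scopes]) => describeScheme(name, scopes || [], schemes))
      .join(" + "));
  if (alternatives.length === 0) return "No authentication";
  const text = alternatives.join(" OR ");
  return optional ? `${text} (optional)` : text;
}

// Constructed sample spec, not taken from the PR.
const sampleSpec = {
  security: [{ oauth: ["read:users"] }],
  components: { securitySchemes: {
    oauth: { type: "oauth2", flows: {} },
    key: { type: "apiKey", in: "header", name: "X-API-Key" },
    jwt: { type: "http", scheme: "bearer" },
  } },
};
```

An operation that declares `security: []` is rendered as "No authentication" even though the sample spec sets a global OAuth2 requirement, which is the case worth checking when reviewing a spec for unintentionally open endpoints.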
Development

Successfully merging this pull request may close these issues.

Show required OAuth scopes on each endpoint