Merge securitySchemes of input files
Opened this issue · 2 comments
At the moment only the securitySchemes item from the first file parsed is taken.
This behavior is not documented and also not expected. And leads to validation errors on the final schema, in case the security key in one of the files references a schema that was not merged.
The logical implementation would be to perform a merge of all securitySchemes found across all the input files. At least a warning should be raised to inform the user and prevent blind attempts.
Thanks.
I've done this now in a fork
https://github.com/dbryar/openapi-merge
I also added a deepMerge flag to disputes as API gateway will have a single IDP provider, yet microservices may require different scopes, thus they need merging, and not to be given a suffix