Skip to content

Is security scheme value lowercase or case-insensitive? #1876

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
hkosova opened this issue Mar 26, 2019 · 1 comment
Closed

Is security scheme value lowercase or case-insensitive? #1876

hkosova opened this issue Mar 26, 2019 · 1 comment

Comments

@hkosova
Copy link
Contributor

hkosova commented Mar 26, 2019

The scheme field of the Security Scheme Object is defined as follows:

The name of the HTTP Authorization scheme to be used in the Authorization header as defined in RFC7235.

and subsequent examples use scheme: basic and scheme: bearer - with lowercase scheme names.

However, the Authentication Scheme Registry defines the scheme names starting with an uppercase letter:

  • Basic
  • Bearer
  • Digest
  • ...

Could you please clarify if the scheme value must be lowercase, or if both scheme: basic (as in the current examples) and scheme: Basic (as in the Auth Scheme Registry) are valid and equivalent?
@hkosova hkosova mentioned this issue Mar 26, 2019
Closed
@darrelmiller
Copy link
Member

@hkosova As per RFC7235 auth scheme is case insensitive:

2.1. Challenge and Response

HTTP provides a simple challenge-response authentication framework
that can be used by a server to challenge a client request and by a
client to provide authentication information. It uses a case-
insensitive token as a means to identify the authentication scheme,
followed by additional information necessary for achieving

https://tools.ietf.org/html/rfc7235#section-2.1

@hkosova hkosova closed this as completed Apr 1, 2019
yfer added a commit to yfer/swagger-js that referenced this issue Sep 30, 2019
@yfer
Fix inconsistency between security 'scheme' and OAI3 specs.
8dce0d8 
scheme should be case insensitive
OAI/OpenAPI-Specification#1876
https://tools.ietf.org/html/rfc7235#section-2.1
@yfer yfer mentioned this issue Oct 1, 2019
Closed
10 tasks
@domaindrivendev domaindrivendev mentioned this issue Mar 26, 2020
Closed
@hkosova hkosova mentioned this issue Apr 16, 2020
Closed
char0n added a commit to swagger-api/swagger-js that referenced this issue Jun 18, 2020
@char0n
fix(scheme): make scheme comparison case insensitive
c1e82a9 
As per RFC7235 auth scheme is case insensitive.

2.1. Challenge and Response

HTTP provides a simple challenge-response authentication framework
that can be used by a server to challenge a client request and by a
client to provide authentication information. It uses a case-
insensitive token as a means to identify the authentication scheme,
followed by additional information necessary for achieving.

https://tools.ietf.org/html/rfc7235#section-2.1

Refs #1531, #1473
Refs OAI/OpenAPI-Specification#1876
Refs swagger-api/swagger-ui#5965
@char0n char0n mentioned this issue Jun 18, 2020
Merged
10 tasks
char0n added a commit to swagger-api/swagger-js that referenced this issue Jun 18, 2020
@char0n
fix(scheme): make scheme comparison case insensitive
1d25d15 
As per RFC7235 auth scheme is case insensitive.

2.1. Challenge and Response

HTTP provides a simple challenge-response authentication framework
that can be used by a server to challenge a client request and by a
client to provide authentication information. It uses a case-
insensitive token as a means to identify the authentication scheme,
followed by additional information necessary for achieving.

https://tools.ietf.org/html/rfc7235#section-2.1

Refs #1531, #1473
Refs OAI/OpenAPI-Specification#1876
Refs swagger-api/swagger-ui#5965
char0n added a commit to swagger-api/swagger-js that referenced this issue Jun 18, 2020
@char0n
fix(scheme): make scheme comparison case insensitive (#1562)
79fd3d7 
As per RFC7235 auth scheme is case insensitive.

2.1. Challenge and Response

HTTP provides a simple challenge-response authentication framework
that can be used by a server to challenge a client request and by a
client to provide authentication information. It uses a case-
insensitive token as a means to identify the authentication scheme,
followed by additional information necessary for achieving.

https://tools.ietf.org/html/rfc7235#section-2.1

Co-authored-by: Helen Kosova <[email protected]>

Refs #1531, #1473
Refs OAI/OpenAPI-Specification#1876
Refs swagger-api/swagger-ui#5965
@hkosova hkosova mentioned this issue Sep 8, 2021
Closed
This was referenced Dec 8, 2021
Closed
Closed
@hsunner hsunner mentioned this issue Jun 7, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@darrelmiller @hkosova