fixes OpenAPI spec security definitions

SpiceDB does not use ApiKeyAuth authentication, but Bearer authentication, where the type of bearer token is an API Key. This was reported in authzed/authzed-go#255, indicating that folks generating code out of the OpenAPI definition will have errors because the generated error did not properly provide the preshared key with the expected `Authorization: Bearer <psk>` format. See https://swagger.io/docs/specification/v3_0/authentication/api-keys/ See https://swagger.io/docs/specification/v3_0/authentication/bearer-authentication/
authzed · Nov 11, 2024 · 4042ec8 · 4042ec8
1 parent 8a6892e
commit 4042ec8
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/authzed/api/v1/openapi.proto b/authzed/api/v1/openapi.proto
@@ -32,13 +32,18 @@ option (grpc.gateway.protoc_gen_openapiv2.options.openapiv2_swagger) = {
 	produces: "application/json";
 	security_definitions: {
 		security: {
-			key: "ApiKeyAuth";
+			key: "bearer";
 			value: {
 				type: TYPE_API_KEY;
 				in: IN_HEADER;
 				name: "Authorization";
+				description: "SpiceDB preshared-key, prefixed by Bearer: Bearer <preshared-key>"
 			}
 		}
 	}
+	security: {
+		security_requirement: {
+			key: "bearer"
+		}
+	}
 };
-