My question:
Why does Postman ignore my Swagger security definitions?
Details (like screenshots):
In my swagger doc I have this security def:
    securityDefinitions:
      OAuth2AccessCode:
        authorizationUrl: https://auth.example.net/oauth2/authorize
        flow: accessCode
        scopes:
          email: ' This scope value requests access to the email and email_verified Claims.'
          app/read: ' Grants read access.'
          app/write: ' Grants write access.'
          openid: ' This scope value enables OpenID Connect as an extension to the OAuth
            2.0 authorization process.'
          profile: ' This scope value requests access to the End-User''s default profile.'
        tokenUrl: https://auth.example.net/oauth2/token
        type: oauth2
      OAuth2Application:
        flow: application
        scopes:
          app/read: ' Grants read access.'
          app/write: ' Grants write access.'
        tokenUrl: https://auth.example.net/oauth2/token
        type: oauth2
and all endpoints contain a security def with scopes such as:
    /account:
      get:
        produces:
        - application/json
        responses:
          "200":
            description: OK
            schema:
              $ref: '#/definitions/controllers.Account'
        security:
        - OAuth2AccessCode:
          - app/read
        - OAuth2Application:
          - app/read
        summary: List the details for your account.
        tags:
        - account
After importing into Postman, the collection is set to No Auth, and each endpoint is set to OAuth. Why is this being mangled after import?
How I found the problem:
I wasn’t able to set up proper authorization through Postman without manually setting it.
I’ve already tried:
I tried different import settings, but none of them respect the Swagger security definitions.
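Added example, not part of the original post and not Postman's code: a Python check that resolves what a Swagger 2.0 document itself declares for each operation (operation-level `security` overriding any top-level one) and flags references to undefined schemes or scopes, giving a baseline to compare an imported collection against. The `SPEC` dict is a constructed excerpt of the definitions posted above with scope descriptions left empty, and the function name `effective_security` is hypothetical.

```python
# Added example: resolve the effective security requirement of each operation
# in a Swagger 2.0 document. SPEC is a constructed excerpt mirroring the post.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

SPEC = {
    "securityDefinitions": {
        "OAuth2AccessCode": {
            "type": "oauth2", "flow": "accessCode",
            "authorizationUrl": "https://auth.example.net/oauth2/authorize",
            "tokenUrl": "https://auth.example.net/oauth2/token",
            "scopes": {"email": "", "app/read": "", "app/write": "", "openid": "", "profile": ""},
        },
        "OAuth2Application": {
            "type": "oauth2", "flow": "application",
            "tokenUrl": "https://auth.example.net/oauth2/token",
            "scopes": {"app/read": "", "app/write": ""},
        },
    },
    "paths": {"/account": {"get": {"security": [
        {"OAuth2AccessCode": ["app/read"]}, {"OAuth2Application": ["app/read"]},
    ]}}},
}

def effective_security(spec):
    """Return ({(METHOD, path): [alternative groups]}, [problem strings])."""
    schemes = spec.get("securityDefinitions", {})
    result, problems = {}, []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip "parameters", "$ref" and vendor extensions
            # Operation-level "security" replaces the top-level list; [] means no auth.
            requirements = op.get("security", spec.get("security", []))
            alternatives = []
            for req in requirements:              # list entries are alternatives (OR)
                group = []
                for name, scopes in req.items():  # keys of one entry apply together (AND)
                    scheme = schemes.get(name)
                    if scheme is None:
                        problems.append(f"{method.upper()} {path}: undefined scheme {name}")
                        continue
                    missing = [s for s in scopes if s not in scheme.get("scopes", {})]
                    problems.extend(f"{method.upper()} {path}: {name} lacks scope {s}" for s in missing)
                    group.append((name, scheme.get("flow"), tuple(scopes)))
                alternatives.append(group)
            result[(method.upper(), path)] = alternatives
    return result, problems
```

For the posted document this yields two alternatives for `GET /account` (access-code flow or application flow, each with `app/read`) and no problems, so the definitions are internally consistent as written.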