Skip to content

Feat/openapi security spec#12

Closed
snow-ghost wants to merge 3 commits intomainfrom
feat/openapi-security-spec
Closed

Feat/openapi security spec#12
snow-ghost wants to merge 3 commits intomainfrom
feat/openapi-security-spec

Conversation

@snow-ghost
Copy link
Collaborator

@snow-ghost snow-ghost commented Mar 17, 2026

Summary

This PR adds spec-driven security handling to ocli and updates the README
to describe the new user-facing authentication capabilities.

What changed

Spec-driven security support

  • Added support for declared apiKey security schemes in header, query, and
    cookie
  • Added support for root-level and operation-level security requirements
  • Added support for alternative security requirement sets and automatic
    selection of the first satisfiable option
  • Added profile-level auth-values storage for named security schemes

Profile storage updates

  • Extended profile persistence to store and load auth_values
  • Added CLI support for passing auth values during onboarding

User impact

Users can now work with APIs that declare API key authentication directly in
the OpenAPI / Swagger spec.

This means:

  • API keys can be injected into the correct request location automatically
  • users no longer need to manually rewrite request URLs for query-based keys
  • cookie-based and header-based API key schemes can be driven from the spec
  • operations with multiple security alternatives can use the first available
    credential set from the profile

Documentation

README was updated with a new user-facing section describing:

  • declared apiKey security schemes
  • root-level and operation-level security handling
  • alternative security requirements
  • auth-values for named security schemes

@snow-ghost
- Added query and path parameter serialization from OpenAPI / Swagger
ca67d8d 
  metadata
  - Added support for array and object-style query parameters such as
  `deepObject`, `pipeDelimited`, and Swagger 2 collection formats
  - Added automatic API base URL detection from OAS `servers`
  - Added automatic API base URL detection from Swagger 2 `host`, `basePath`,
  and `schemes`
  - Added operation-level and path-level server overrides when the spec defines
  endpoint-specific targets
@snow-ghost
Add multi-file specs and richer help support
9f31549
@snow-ghost snow-ghost force-pushed the feat/openapi-security-spec branch from cc377bb to f3fd115 Compare March 18, 2026 15:37
@snow-ghost snow-ghost force-pushed the feat/openapi-security-spec branch from f3fd115 to 80be26c Compare March 18, 2026 15:41
@snow-ghost snow-ghost closed this Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snow-ghost