OAuth2 Scopes do not render #235

Closed
kamaydeo opened this issue Jun 16, 2020 · 6 comments

@kamaydeo

I don't know if it's a missing feature or a bug, but OAuth2 scopes don't show up. See the Security section in the YAML.

get:
      tags:
        - APIs
      summary: List all Services
      operationId: listApis
      parameters:
        - in: query
          name: page
          schema:
            type: integer
            default: 1
            minimum: 1
          description: The location of page to be searched.
          example: 5
          required: false
        - in: query
          name: size
          schema:
            type: integer
            default: 20
            minimum: 1
            maximum: 2000
          example: 100
          description: Number of records per page.
          required: false
        - in: query
          name: sort
          schema:
            type: string
      responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Page.GetApisResponse'
      security:
        - Bearer:
            - admin
        - OAuth2:
            - admin
@mrin9
Collaborator

mrin9 commented Jun 16, 2020

Not sure of what you are expecting in the UI.
I could see the scopes in the UI under the AUTHENTICATION section
https://mrin9.github.io/RapiDoc/examples/oauth.html#authentication

@kamaydeo
Author

kamaydeo commented Jun 16, 2020

Have a look at AUTHORIZATIONS section
image

@mrin9
Collaborator

mrin9 commented Jun 17, 2020

That's not scopes; those are the security needed by the operation, and this security must be defined under security-schemes.

For more info, refer to #200 on how RapiDoc shows them.

@kamaydeo
Author

I already have defined security and securitySchemes.

security:
  - Bearer:
      - write:domain
      - admin
  - OAuth2:
      - write:domain
      - admin

and

components:
  securitySchemes:
    Bearer:
      type: apiKey
      description: |
        Bearer scheme uses static perpetual token and is less secure.
        Token has a `write:domain` or `admin` permission associated with it.
        It determines whether you are authorized to invoke a particular operation or not.
      in: header
      name: Authorization
    OAuth2:
      type: oauth2
      description: |
        OAuth2 scheme is  a safer and more secure way to give you access with a short-lived token.
      flows:
        clientCredentials:
          tokenUrl: https://...../oauth2/token
          scopes:
            'write:domain': Manage Services and Subscribers in your Domain
            admin: Manage Services and Subscribers in all Domains

It would be nice to see what authorizations are available at the individual operation level (which either inherits from global security or operation-level security).

@mrin9
Collaborator

mrin9 commented Jun 17, 2020

They should be shown at the operation level, in the top-right corner of each operation (if you have defined them properly).

image

mrin9 closed this as completed Jun 17, 2020

@kamaydeo
Author

It does show up in the top right corner of each operation, but it doesn't contain scope information, which could be overridden at the operation level by defining the security attribute under responses. OAuth2 scopes add more details, such as what permissions you need to have in order to invoke this operation. The top right corner just shows what security schemes are available.
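
The per-operation scope question raised in this thread can be checked outside the renderer. The following is an added example, not part of the thread and not RapiDoc's code: it resolves the effective security requirement of each operation (operation-level `security` replacing the root-level one) and reports the scopes each scheme demands. The `/apis` path, the `createApi` operation and the placement of the second `security` block at the document root are assumptions.

```javascript
// Added example, not RapiDoc code. `spec` is constructed from the YAML in this
// thread; the /apis path, the createApi operation and the placement of the
// second `security` block at the document root are assumptions.
const spec = {
  security: [{ Bearer: ['write:domain', 'admin'] }, { OAuth2: ['write:domain', 'admin'] }],
  paths: { '/apis': {
    get: { operationId: 'listApis', security: [{ Bearer: ['admin'] }, { OAuth2: ['admin'] }] },
    post: { operationId: 'createApi' }, // hypothetical; has no `security`, so it inherits
  } },
  components: { securitySchemes: {
    Bearer: { type: 'apiKey', in: 'header', name: 'Authorization' },
    OAuth2: { type: 'oauth2', flows: { clientCredentials: { scopes: {
      'write:domain': 'Manage Services and Subscribers in your Domain',
      admin: 'Manage Services and Subscribers in all Domains',
    } } } },
  } },
};

const METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch', 'trace'];

// Returns { "GET /apis": [alternative, ...] }; each alternative is a list of
// schemes that must all be satisfied, alternatives are OR-ed.
function effectiveSecurity(doc) {
  const schemes = (doc.components && doc.components.securitySchemes) || {};
  const describe = ([name, scopes]) => {
    const scheme = schemes[name] || {};
    const declared = new Set(Object.values(scheme.flows || {})
      .flatMap((flow) => Object.keys(flow.scopes || {})));
    return {
      scheme: name,
      type: scheme.type || 'undefined',
      scopes,
      // Scopes requested by the operation but missing from the oauth2 flows.
      undeclared: scheme.type === 'oauth2' ? scopes.filter((s) => !declared.has(s)) : [],
      // OpenAPI 3.0 requires an empty list for non-OAuth2/OIDC schemes;
      // 3.1 allows role names there, but they are not exchanged in-band.
      rolesOnly: !['oauth2', 'openIdConnect'].includes(scheme.type) && scopes.length > 0,
    };
  };
  const out = {};
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of METHODS.filter((m) => item[m])) {
      // An operation-level `security` (even []) replaces the root-level one.
      const reqs = Array.isArray(item[method].security) ? item[method].security : doc.security || [];
      out[`${method.toUpperCase()} ${path}`] = reqs.map((req) => Object.entries(req).map(describe));
    }
  }
  return out;
}
```

Running `effectiveSecurity(spec)` shows `GET /apis` narrowed to `admin` while the inheriting operation keeps both scopes, and `rolesOnly` marks the scope list attached to the `apiKey` scheme.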
