openapi: 3.0.3
info:
title: A Goa Example Service
description: HTTP service for test
version: "1.0"
servers:
- url: http://localhost:8088
- url: http://localhost:8088
paths:
/secure:
get:
tags:
- Service1
summary: secure Service1
description: 这是一个需要JWT认证的接口
operationId: Service1#secure
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/SecureRequestBody'
example:
fail: true
responses:
"200":
description: OK response.
content:
application/json:
schema:
type: string
example: Commodi earum ut dolorem qui.
example: Aliquid corrupti facere voluptate.
"401":
description: Unauthorized response.
content:
application/json:
schema:
type: string
example: Alias placeat est tenetur ad distinctio nesciunt.
example: Odit qui ut culpa est.
security:
- jwt_header_Authorization: []
/signin:
post:
tags:
- Service1
summary: signin Service1
operationId: Service1#signin
responses:
"200":
description: OK response.
content:
application/json:
schema:
$ref: '#/components/schemas/Creds'
example:
api_key: abcdef12345
jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
"400":
description: Bad Request response.
content:
application/json:
schema:
$ref: '#/components/schemas/Creds'
example:
api_key: abcdef12345
jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
"401":
description: Unauthorized response.
content:
application/json:
schema:
type: string
example: Voluptate non dolore autem ipsam omnis.
example: Et necessitatibus cupiditate repudiandae iste.
security:
- basic_header_Authorization: []
components:
schemas:
Creds:
type: object
properties:
api_key:
type: string
description: API Key
example: abcdef12345
jwt:
type: string
description: JWT token
example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
oauth_token:
type: string
description: OAuth2 token
example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
example:
api_key: abcdef12345
jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
required:
- jwt
- api_key
- oauth_token
SecureRequestBody:
type: object
properties:
fail:
type: boolean
description: Whether to force auth failure even with a valid JWT
example: false
example:
fail: false
securitySchemes:
basic_header_Authorization:
type: http
description: Basic authentication used to authenticate security principal during
signin
scheme: basic
jwt_header_Authorization:
type: http
description: Secures endpoint by requiring a valid JWT token retrieved via the
signin endpoint. Supports scopes "api:read" and "api:write".
scheme: bearer
tags:
- name: Service1
description: The secured service exposes endpoints that require valid authorization
credentials.