openapi: 3.0.3
info:
  title: A Goa Example Service
  description: HTTP service for test
  version: "1.0"
servers:
- url: http://localhost:8088
- url: http://localhost:8088
paths:
  /secure:
    get:
      tags:
      - Service1
      summary: secure Service1
      description: 这是一个需要JWT认证的接口
      operationId: Service1#secure
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/SecureRequestBody'
            example:
              fail: true
      responses:
        "200":
          description: OK response.
          content:
            application/json:
              schema:
                type: string
                example: Commodi earum ut dolorem qui.
              example: Aliquid corrupti facere voluptate.
        "401":
          description: Unauthorized response.
          content:
            application/json:
              schema:
                type: string
                example: Alias placeat est tenetur ad distinctio nesciunt.
              example: Odit qui ut culpa est.
      security:
      - jwt_header_Authorization: []
  /signin:
    post:
      tags:
      - Service1
      summary: signin Service1
      operationId: Service1#signin
      responses:
        "200":
          description: OK response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Creds'
              example:
                api_key: abcdef12345
                jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
                oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
        "400":
          description: Bad Request response.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Creds'
              example:
                api_key: abcdef12345
                jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
                oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
        "401":
          description: Unauthorized response.
          content:
            application/json:
              schema:
                type: string
                example: Voluptate non dolore autem ipsam omnis.
              example: Et necessitatibus cupiditate repudiandae iste.
      security:
      - basic_header_Authorization: []
components:
  schemas:
    Creds:
      type: object
      properties:
        api_key:
          type: string
          description: API Key
          example: abcdef12345
        jwt:
          type: string
          description: JWT token
          example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
        oauth_token:
          type: string
          description: OAuth2 token
          example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
      example:
        api_key: abcdef12345
        jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
        oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
      required:
      - jwt
      - api_key
      - oauth_token
    SecureRequestBody:
      type: object
      properties:
        fail:
          type: boolean
          description: Whether to force auth failure even with a valid JWT
          example: false
      example:
        fail: false
  securitySchemes:
    basic_header_Authorization:
      type: http
      description: Basic authentication used to authenticate security principal during
        signin
      scheme: basic
    jwt_header_Authorization:
      type: http
      description: Secures endpoint by requiring a valid JWT token retrieved via the
        signin endpoint. Supports scopes "api:read" and "api:write".
      scheme: bearer
tags:
- name: Service1
  description: The secured service exposes endpoints that require valid authorization
    credentials.