swagger: "2.0" info: title: A Goa Example Service description: HTTP service for test version: "" host: localhost:8088 consumes: - application/json - application/xml - application/gob produces: - application/json - application/xml - application/gob paths: /secure: get: tags: - Service1 summary: secure Service1 description: 这是一个需要JWT认证的接口 operationId: Service1#secure parameters: - name: Authorization in: header description: JWT used for authentication required: true type: string - name: SecureRequestBody in: body required: true schema: $ref: '#/definitions/Service1SecureRequestBody' responses: "200": description: OK response. schema: type: string "401": description: Unauthorized response. schema: type: string schemes: - http security: - jwt_header_Authorization: [] /signin: post: tags: - Service1 summary: signin Service1 operationId: Service1#signin parameters: - name: Authorization in: header description: Basic Auth security using Basic scheme (https://tools.ietf.org/html/rfc7617) required: true type: string responses: "200": description: OK response. schema: $ref: '#/definitions/Service1SigninOKResponseBody' required: - jwt - api_key - oauth_token "400": description: Bad Request response. schema: $ref: '#/definitions/Service1SigninBadRequestResponseBody' required: - jwt - api_key - oauth_token "401": description: Unauthorized response. schema: type: string schemes: - http security: - basic_header_Authorization: [] definitions: Service1SecureRequestBody: title: Service1SecureRequestBody type: object properties: fail: type: boolean description: Whether to force auth failure even with a valid JWT example: false example: fail: false Service1SigninBadRequestResponseBody: title: Service1SigninBadRequestResponseBody type: object properties: api_key: type: string description: API Key example: abcdef12345 jwt: type: string description: JWT token example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ oauth_token: type: string description: OAuth2 token example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ example: api_key: abcdef12345 jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ required: - jwt - api_key - oauth_token Service1SigninOKResponseBody: title: Service1SigninOKResponseBody type: object properties: api_key: type: string description: API Key example: abcdef12345 jwt: type: string description: JWT token example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ oauth_token: type: string description: OAuth2 token example: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ example: api_key: abcdef12345 jwt: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ oauth_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ required: - jwt - api_key - oauth_token securityDefinitions: basic_header_Authorization: type: basic description: Basic authentication used to authenticate security principal during signin jwt_header_Authorization: type: apiKey description: Secures endpoint by requiring a valid JWT token retrieved via the signin endpoint. Supports scopes "api:read" and "api:write". name: Authorization in: header