Security type http, scheme bearer, bearerFormat JWT detected as basic?

(Jprevost) #1

I believe this syntax should work according to the OAS3 spec, but is detected as basic auth in Stoplight.

 "components": {
   "securitySchemes": {
     "jwtAuth": {
       "type": "http",
       "scheme": "bearer",
       "bearerFormat": "JWT"
(Jprevost) #2

Reference to where I got the syntax from:

(Taylor Barnett) #3

Yup! That looks like it is a bug. I’m opening up something internally for it right now.

1 Like
(Brian) #4

Is there any followup on this bug? I am still running into this issue.

(Jason Judge) #5

Having the same problem here. Without auth supported (we need Bearer token support), this is a blocker on a current project. Were there any updates?

Using this in the spec:

"securitySchemes": {
  "bearerAuth": {
    "type": "http",
    "scheme": "bearer",
    "bearerFormat": "api_token"

Getting this in the request:

Authorization: Basic eyQkLmVudi...snip...=

Should be:

Authorization: Bearer eyQkLmVudi...snip...
(Taylor Barnett) #6

Hey @jason.judge! We’re going to try to work this into the next sprint in June. Hopefully we can fix that up.