In Google Cloud Endpoints, I am unable to have authentication occur in an "or" scenario, where, for example, I want to allow access to a path by means of an api_key "or" oauth. Please see https://swagger.io/docs/specification/2-0/authentication/ for more info.
DOES WORK (single defintion for API key)
/api/query:
get:
operationId: queryget
responses:
'200':
description: query success
security:
- api_key: []
DOES WORK (single definition for oauth)
/api/query:
get:
operationId: queryget
responses:
'200':
description: query success
security:
- oauth: []
DOES WORK ("AND" definition where both must be included in auth)
/api/query:
get:
operationId: queryget
responses:
'200':
description: query success
security:
- oauth: []
api_key: []
DOES NOT WORK ("OR" definition)
/api/query:
get:
operationId: queryget
responses:
'200':
description: query success
security:
- oauth: []
- api_key: []
To be more specific when deploying my api to Google Cloud Endpoints, I receive the following warning
Operation 'get' in path '/api/query': Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project.
And, when trying to call the api with an API key, I receive the following error, as if it were expecting the OAUTH JWT token (maybe because it was the first security definition in the list for that route)
{ "code": 16, "message": "JWT validation failed: Missing or invalid credentials", "details": [ { "@type": "type.googleapis.com/google.rpc.DebugInfo", "stackEntries": [], "detail": "auth" } ]}'
This feature is unsupported, unfortunately. You can only use AND. This is now documented in Unsupported OpenAPI Features.