swagger node multiple security handlers with logic AND

Question

I have a swagger node express app and I am not sure how to have two security handlers?

I have two SecurityDefinitions in my swagger.yaml

securityDefinitions:
  appKeyA:
    type: apiKey
    name: Authorization
    in: header
  appKeyB:
    type: apiKey
    in: header
    name: X-APP-ID

in my route

/foo
security:
        - appKeyA: []
          appKeyB: []

So logical AND

In my app.js

app.use(
    middleware.swaggerSecurity({
      //manage token function in the 'auth' module
      appKeyA: auth.verifyToken

    })
  );

It successfully runs the code in my verifyToken function

exports.verifyToken = function(req, authOrSecDef, token, callback) {
   ...
}

Now where do I put the second function to prevent getting Error: unknown security handler: appKeyB

Thanks

Answer 1

I stumbled upon this when I tried to figure out how to simply get the security middleware working.

Firstly, the security middleware MUST be added to the middleware chain before the swaggerRouter.

Secondly, for your question you simply add it to the security definition like this:

app.use(middleware.swaggerMetadata());
app.use(middleware.swaggerValidator());

// This must be placed before the swaggerRouter
app.use(
  middleware.swaggerSecurity({
    //manage token function in the 'auth' module
    appKeyA: auth.verifyToken,
    appKeyB: auth.verifyToken2 //Add the second token to verify appKeyB
  })
);
app.use(middleware.swaggerRouter(options));
app.use(middleware.swaggerUi());

Furthermore here I introduced a new verification method called verifyToken2, add this function to your auth file so it exports two functions :)

exports.verifyToken2 = function(req, authOrSecDef, token, callback) {
  ...
}