Injection security definitions is not working

[TheM1984]

The <!-- ReDoc-Inject: <security-definitions> --> is no longer injecting the security definitions.

Currently we use the noAutoAuth option and inject the security definitions at the place we like it to be.

This is all done according to the readme:
https://github.com/Redocly/redoc#security-definition-location
https://github.com/Redocly/redoc/blob/v2.0.0-rc.72/docs/security-definitions-injection.md

Expected behavior
The security definitions are included as stated.

Minimal reproducible OpenAPI snippet(if possible)
I extracted some minimal openapi where you can see the issue.

Within src/components/tags.yaml the injection is being performed.
src.zip

Screenshots
"redoc-cli": "0.13.10" shows it correctly:

"redoc-cli": "0.13.16" doesn't show it at the given location

Additional context
My guess that this has to do with the new feature where the noAutoAuth is deprecated.

And I guess the security definitions are now shown with every endpoint, however I do feel that is a lot of duplicate content. And without the security definitions shown in the global text, there is no way of linking to it a specific authentication.

[AlexVarchuk]

Hi @TheM1984, thank you for your issue.
You can add to Authentication -> description add redoc tag.

<SecurityDefinitions />

It adds security to your tag.

After that, we can add hideSecuritySection: true options. It disables showing auth section in every endpoint.

Please verify it.

[ArthurFlag]

I have the same problem, expect I simply use the Redoc CLI with preview-docs. My swagger file (not OAS3) does contain my security definition. I worked perfectly until today 🙂

[AlexVarchuk]

Hi @arthurflageul, we moved the security section to Operations. To use the old behavior, check my message above.

[AlexVarchuk]

We return the old variant of injecting security definition for better backward compatibility. PR

<!-- ReDoc-Inject: <security-definitions> -->

[TheM1984]

Hi @TheM1984, thank you for your issue. You can add to Authentication -> description add redoc tag.

<SecurityDefinitions />

It adds security to your tag.

After that, we can add hideSecuritySection: true options. It disables showing auth section in every endpoint.

Please verify it.

I can hereby confirm that your solution works.

Only 1 note that with hideSecuritySection: true the security section in the endpoints is removed completely, so it is not completely backwards compatible with the "old" usage.

However we now have the security section separate and can link to it in other texts, so we are happy now :).

[sl-nigelalmada]

Thanks for restoring the previous behaviour

I would suggest for next time that this kind of changes are made, to include it into a dedicated section of the release's changelog

[AlexVarchuk]

We added it to the general changelog.

Sorry, but I am not fully understood the dedicated section. Can you share the link with an example? It can be helpful for us.

[sl-nigelalmada]

I am talking about the orignal change

For me the original change was more akin to a "breaking" one. I understand that breaking change are perfectly acceptable in a rc release, no worries about that

I don't know if the change was introduced with the 2.0.0-rc71 release, but the included changelog line

add hideSecuritySection option allowing to disable the Security panel (https://github.com/Redocly/redoc/issues/2027) ([49cc11d](https://github.com/Redocly/redoc/commit/49cc11d91795653ca870e9276a1e0cd617964e25))

was probably not enough (unless the change was involuntary and it was just a regression)

I suggest to have in this case to either

• have a "Removed" section if it's considered as a feature removal.
• have the complete explanations on the impact of the change (need to add <SecurityDefinitions /> to the doc to have the previous behaviour)

I usually use the Keep A changelog format because it provides better granularity in the changes log 😀