Security requirements not working for OAS 3.0+

[hsgreen]

The problem is that the OAS 3.0.x specification moved the securityDefinitions member of the req.swagger.swaggerObject to req.swagger.swaggerObject.components.securitySchemas but it seems like the code in swagger-security.js was not updated to reflect this.

Just curious how this is still a lingering issue, does anyone else use security in their OAS projects?

Here is the fix to go in place of swagger-security.js:138-140

var secDef;
if (req.swagger.swaggerVersion < "2.0") {
    // Swagger pre 2.0
    secDef = req.swagger.resourceListing.authorizations[name];
} else if (req.swagger.swaggerVersion < "3.0") {
    // Swagger 2.0 up to OAS 3.0
    secDef = req.swagger.swaggerObject.securityDefinitions[name];
} else {
    // OAS 3.0+
    secDef = req.swagger.swaggerObject.components.securitySchemes[name];
}

[HugoMario]

thanks @hsgreen, going to address this.

[ystreibel]

Hello, I need this fix! Did you plan to integrated it in a hotfix release?

[hsgreen]

It still appears to be broken.