security: Mechanism to get parameter name used within "apiKey" security schemes.

[jmalloc]

Description

I'd like to be able to access the parameter name (cookie name, for example) defined in security schemes in my OpenAPI specification.

For example, I have the following sections in my spec:

components:
  securitySchemes:
    AuthenticatedSession:
      type: apiKey
      in: cookie
      name: auth_token

I also have a /login endpoint that sets the auth_token cookie. As it stands, I have hardcoded the name of the cookie in my login implementation, but it would be preferable to use a constant generated by ogen so that the YAML file is the single source of truth. I've had a release fail due to a mismatch between my code and the spec which was not caught by tests because when using the generated SecurityHandler and SecuritySource interfaces because they both refer to the cookie name in the spec.

References

• https://spec.openapis.org/oas/v3.1.0#api-key-sample