Custom securedBy settings with shared raml configuration


I’m updating my RAML definition and attempting to customize the authorization settings for a particular resource. I’ve run into 2 questions related to this. For some background, our scopes supported align with the top level resources, so you request the scope for the resource you want to use. A new resource we are defining will only support credentials grant type, whereas the others support both credentials and code. While I’m making changes, I thought it would be good to explicitly call out that under resource /X only scope X is supported, whereas under resource /Y only scope Y is supported.

  1. Is there a way to have all of my broader Oauth2 parameters configured in a master oauth2_base.raml file and then another file for oauth2_Y.raml (for resource /Y) with the specific scope and grant type settings that includes the oauth2_base.raml file?

  2. I discovered that when I apply a securedBy designation to resource /Y, the sub-resources /Y/{id} and /Y/group/{id} do not inherit this designation. Is there a way to make this happen?


Hi @CameronGo.

  1. Unfortunately, I don’t think you can extend an existing security scheme in that way.

  2. Unfortunately, that is also not possible. The spec defines the following: “Security schemes applied to a resource MUST NOT incorporate nested resources; security schemes do not apply to existing nested resources.”


Thanks @christian_vogel. So, how do most people handle this sort of thing? Are all the scopes across resources the same for everyone? Do others just put a securedBy designation under each resource and all sub-resources?