We were running into random "None of security schemas did match for …" validation errors. This was being caused by the League\OpenAPIValidation\PSR7\Validators\SecurityValidator:: AUTH_PATTERN_* patterns, which do not have the case-insensitivity flag (i) set.
The basic and bearer authentication scheme tokens should be considered case-insensitive per Section 2.1 of RFC 7235.
We were running into random "None of security schemas did match for …" validation errors. This was being caused by the
League\OpenAPIValidation\PSR7\Validators\SecurityValidator:: AUTH_PATTERN_*patterns, which do not have the case-insensitivity flag (i) set.The
basicandbearerauthentication scheme tokens should be considered case-insensitive per Section 2.1 of RFC 7235.