Swagger OpenAPI 3 documentation for Firebase Authentication securityScheme

Question

What is the correct way to format the security scheme for Firebase using oauth 2.0 and OpenAPI 3.0?

The current documentation at https://cloud.google.com/endpoints/docs/openapi/authenticating-users-firebase is intended for OpenAPI 2.0, but not for OpenAPI 3.0.

I have reviewed the swagger documentation for OpenAPI 3.0, at https://swagger.io/docs/specification/authentication/, and I also came across a similar question at Swagger definition for firebase authentication, but again, the suggested answers point to OpenAPI 2.0, rather than 3.0

Answer 1

components:
  securitySchemes:
    firebase:
      type: "oauth2"
      flows:
        implicit:
          authorizationUrl: ""
          scopes:
            read: Grants read access
            write: Grants write access
            admin: Grants access to admin operations
      # Replace YOUR-PROJECT-ID with your project ID
      x-google-issuer: "https://securetoken.google.com/YOUR-PROJECT-ID"
      x-google-jwks_uri: "https://www.googleapis.com/service_accounts/v1/metadata/x509/[email protected]"
      x-google-audiences: "YOUR-PROJECT-ID"

security:
  - firebase: [ ]