Fixed security requirement resolution

src/Microsoft.OpenApi.Readers/Services/OpenApiReferenceResolver.cs

@@ -89,6 +89,23 @@ public override void Visit(OpenApiResponses responses)
             ResolveMap(responses);
         }
 
+        /// <summary>
+        /// Resolve all references to SecuritySchemes
+        /// </summary>
+        public override void Visit(OpenApiSecurityRequirement securityRequirement)
+        {
+            foreach (var scheme in securityRequirement.Keys.ToList())
+            {
+                ResolveObject(scheme, (resolvedScheme) => {
+                    // If scheme was unresolved
+                    // copy Scopes and remove old unresolved scheme
+                    var scopes = securityRequirement[scheme];
+                    securityRequirement.Remove(scheme);
+                    securityRequirement.Add(resolvedScheme, scopes);
+                });
+            }
+        }
+
         /// <summary>
         /// Resolve all references to parameters
         /// </summary>

src/Microsoft.OpenApi/Services/OpenApiVisitorBase.cs

@@ -279,6 +279,13 @@ public virtual void Visit(IList<OpenApiTag> openApiTags)
         {
         }
 
+        /// <summary>
+        /// Visits list of <see cref="OpenApiSecurityRequirement"/>
+        /// </summary>
+        public virtual void Visit(IList<OpenApiSecurityRequirement> openApiSecurityRequirements)
+        {
+        }
+
         /// <summary>
         /// Visits <see cref="IOpenApiExtensible"/>
         /// </summary>

src/Microsoft.OpenApi/Services/OpenApiWalker.cs

@@ -44,6 +44,7 @@ public void Walk(OpenApiDocument doc)
             Walk(OpenApiConstants.Servers, () => Walk(doc.Servers));
             Walk(OpenApiConstants.Paths, () => Walk(doc.Paths));
             Walk(OpenApiConstants.Components, () => Walk(doc.Components));
+            Walk(OpenApiConstants.Security, () => Walk(doc.SecurityRequirements));
             Walk(OpenApiConstants.ExternalDocs, () => Walk(doc.ExternalDocs));
             Walk(OpenApiConstants.Tags, () => Walk(doc.Tags));
             Walk(doc as IOpenApiExtensible);
@@ -471,10 +472,32 @@ internal void Walk(OpenApiOperation operation)
             Walk(OpenApiConstants.Responses, () => Walk(operation.Responses));
             Walk(OpenApiConstants.Callbacks, () => Walk(operation.Callbacks));
             Walk(OpenApiConstants.Tags, () => Walk(operation.Tags));
-
+            Walk(OpenApiConstants.Security, () => Walk(operation.Security));
             Walk(operation as IOpenApiExtensible);
         }
 
+        /// <summary>
+        /// Visits list of <see cref="OpenApiSecurityRequirement"/>
+        /// </summary>
+        internal void Walk(IList<OpenApiSecurityRequirement> securityRequirements)
+        {
+            if (securityRequirements == null)
+            {
+                return;
+            }
+
+            _visitor.Visit(securityRequirements);
+
+            if (securityRequirements != null)
+            {
+                for (int i = 0; i < securityRequirements.Count; i++)
+                {
+                    Walk(i.ToString(), () => Walk(securityRequirements[i]));
+                }
+            }
+        }
+
+
         /// <summary>
         /// Visits list of <see cref="OpenApiParameter"/>
         /// </summary>

test/Microsoft.OpenApi.Readers.Tests/Microsoft.OpenApi.Readers.Tests.csproj

@@ -12,6 +12,10 @@
         <SignAssembly>true</SignAssembly>
         <AssemblyOriginatorKeyFile>..\..\src\Microsoft.OpenApi.snk</AssemblyOriginatorKeyFile>
     </PropertyGroup>
+    <ItemGroup>
+      <None Remove="V3Tests\Samples\OpenApiDocument\securedApi.yaml" />
+      <None Remove="V3Tests\Samples\OpenApiOperation\securedOperation.yaml" />
+    </ItemGroup>
     <ItemGroup>
       <EmbeddedResource Include="OpenApiReaderTests\Samples\unsupported.v1.yaml">
         <CopyToOutputDirectory>Never</CopyToOutputDirectory>
@@ -94,6 +98,7 @@
       <EmbeddedResource Include="V3Tests\Samples\OpenApiDocument\petStoreWithTagAndSecurity.yaml">
         <CopyToOutputDirectory>Never</CopyToOutputDirectory>
       </EmbeddedResource>
+      <EmbeddedResource Include="V3Tests\Samples\OpenApiDocument\securedApi.yaml" />
       <EmbeddedResource Include="V3Tests\Samples\OpenApiEncoding\advancedEncoding.yaml">
         <CopyToOutputDirectory>Never</CopyToOutputDirectory>
       </EmbeddedResource>
@@ -109,6 +114,7 @@
       <EmbeddedResource Include="V3Tests\Samples\OpenApiInfo\minimalInfo.yaml">
         <CopyToOutputDirectory>Never</CopyToOutputDirectory>
       </EmbeddedResource>
+      <EmbeddedResource Include="V3Tests\Samples\OpenApiOperation\securedOperation.yaml" />
       <EmbeddedResource Include="V3Tests\Samples\OpenApiSchema\advancedSchemaWithReference.yaml">
         <CopyToOutputDirectory>Never</CopyToOutputDirectory>
       </EmbeddedResource>

test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiDocumentTests.cs

@@ -4,6 +4,7 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
+using System.Linq;
 using FluentAssertions;
 using Microsoft.OpenApi.Models;
 using Newtonsoft.Json;
@@ -1110,5 +1111,18 @@ public void ParsePetStoreExpandedShouldSucceed()
             context.ShouldBeEquivalentTo(
                     new OpenApiDiagnostic() { SpecificationVersion = OpenApiSpecVersion.OpenApi3_0 });
         }
+
+        [Fact]
+        public void GlobalSecurityRequirementShouldReferenceSecurityScheme()
+        {
+            using (var stream = Resources.GetStream(Path.Combine(SampleFolderPath, "securedApi.yaml")))
+            {
+                var openApiDoc = new OpenApiStreamReader().Read(stream, out var diagnostic);
+
+                var securityRequirement = openApiDoc.SecurityRequirements.First();
+
+                Assert.Same(securityRequirement.Keys.First(), openApiDoc.Components.SecuritySchemes.First().Value);
+            }
+        }
     }
 }

test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiOperationTests.cs

@@ -0,0 +1,29 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT license. 
+
+using System.IO;
+using System.Linq;
+using Xunit;
+
+namespace Microsoft.OpenApi.Readers.Tests.V3Tests
+{
+    public class OpenApiOperationTests
+    {
+        private const string SampleFolderPath = "V3Tests/Samples/OpenApiOperation/";
+
+        [Fact]
+        public void OperationWithSecurityRequirementShouldReferenceSecurityScheme()
+        {
+            using (var stream = Resources.GetStream(Path.Combine(SampleFolderPath, "securedOperation.yaml")))
+            {
+                var openApiDoc = new OpenApiStreamReader().Read(stream, out var diagnostic);
+
+                var securityRequirement = openApiDoc.Paths["/"].Operations[Models.OperationType.Get].Security.First();
+
+                Assert.Same(securityRequirement.Keys.First(), openApiDoc.Components.SecuritySchemes.First().Value);
+            }
+        }
+
+
+    }
+}

test/Microsoft.OpenApi.Readers.Tests/V3Tests/Samples/OpenApiDocument/securedApi.yaml

@@ -0,0 +1,12 @@
+openapi: 3.0.0
+info:
+  title: Example of Security Requirement referencing a security scheme
+  version: 1.0.0
+paths: {}
+security:
+  - basicAuth: []
+components:
+  securitySchemes:
+    basicAuth:
+      type: http
+      scheme: basic

test/Microsoft.OpenApi.Readers.Tests/V3Tests/Samples/OpenApiOperation/securedOperation.yaml

@@ -0,0 +1,17 @@
+openapi: 3.0.0
+info:
+  title: Example of Security Requirement referencing a security scheme
+  version: 1.0.0
+paths:
+  '/':
+    get:
+      security:
+      - basicAuth: []
+      responses:
+        '200':
+          description: OK
+components:
+  securitySchemes:
+    basicAuth:
+      type: http
+      scheme: basic