OAuth Flow required fields + validation
Hi everybody,
I’m currently working on some tooling regarding OAS 3.0.0 and found a situation where I’d need some clarification. The spec defines the OAuth Flow Object as an object with the following fields required:
- authorizationUrl
- tokenUrl
- scopes
This is crystal clear so far. Next, I’m using the JSON Schema provided in this repo to validate the OAS 3.0.0 definition. But looking into the JSON Schema document reveals that none of the OAuth Flow objects require the above-defined fields. Some OAuthFlow objects require just one field, others two. I’m not sure if this is intended (for a particular type of OAuth Flow to have only certain fields required) or if this is something we should fix.
Update
I completely missed the Applies To column of the OAuth Flow Object. That clears things up. But scopes are required in ImplicitOAuthFlow only, even though they should be required in all flow types. In this case, is the spec or the JSON Schema the source of truth?
```yaml
ImplicitOAuthFlow:
  type: object
  required:
    - authorizationUrl
    - scopes
  properties:
    authorizationUrl:
      type: string
      format: uri-reference
    refreshUrl:
      type: string
      format: uri-reference
    scopes:
      type: object
      additionalProperties:
        type: string
  patternProperties:
    '^x-': {}
  additionalProperties: false
PasswordOAuthFlow:
  type: object
  required:
    - tokenUrl
  properties:
    tokenUrl:
      type: string
      format: uri-reference
    refreshUrl:
      type: string
      format: uri-reference
    scopes:
      type: object
      additionalProperties:
        type: string
  patternProperties:
    '^x-': {}
  additionalProperties: false
ClientCredentialsFlow:
  type: object
  required:
    - tokenUrl
  properties:
    tokenUrl:
      type: string
      format: uri-reference
    refreshUrl:
      type: string
      format: uri-reference
    scopes:
      type: object
      additionalProperties:
        type: string
  patternProperties:
    '^x-': {}
  additionalProperties: false
AuthorizationCodeOAuthFlow:
  type: object
  required:
    - authorizationUrl
    - tokenUrl
  properties:
    authorizationUrl:
      type: string
      format: uri-reference
    tokenUrl:
      type: string
      format: uri-reference
    refreshUrl:
      type: string
      format: uri-reference
    scopes:
      type: object
      additionalProperties:
        type: string
  patternProperties:
    '^x-': {}
  additionalProperties: false
```
Thanks for any clarification to this!
Issue Analytics
- Created 2 years ago
- Comments: 8 (8 by maintainers)
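An added example (not code from the issue or from the OpenAPI project): a standard-library Python check that compares the `required` lists quoted in the issue with the reading the issue describes, where `scopes` is required in every flow type. The flow keys (`implicit`, `password`, `clientCredentials`, `authorizationCode`) are those of the OAuth Flows Object; the function names and the sample document are assumptions made for illustration.

```python
# SCHEMA_REQUIRED mirrors the `required` lists quoted in the issue, keyed by flow name.
SCHEMA_REQUIRED = {
    "implicit": {"authorizationUrl", "scopes"},
    "password": {"tokenUrl"},
    "clientCredentials": {"tokenUrl"},
    "authorizationCode": {"authorizationUrl", "tokenUrl"},
}

# SPEC_REQUIRED applies the reading in the issue: URL fields follow the
# "Applies To" column, and `scopes` is required in every flow type.
SPEC_REQUIRED = {flow: fields | {"scopes"} for flow, fields in SCHEMA_REQUIRED.items()}


def missing_fields(flows, required):
    """Return {flow_name: sorted missing required fields} for flows that fail."""
    report = {}
    for name, flow in flows.items():
        if name not in required:  # e.g. x- extensions; out of scope here
            continue
        missing = sorted(required[name] - set(flow))
        if missing:
            report[name] = missing
    return report


def schema_gaps(flows):
    """Fields the spec-derived check reports but the quoted schema accepts."""
    by_schema = missing_fields(flows, SCHEMA_REQUIRED)
    by_spec = missing_fields(flows, SPEC_REQUIRED)
    gaps = {}
    for name, fields in by_spec.items():
        extra = [f for f in fields if f not in by_schema.get(name, [])]
        if extra:
            gaps[name] = extra
    return gaps


# Constructed sample: the `flows` value of an oauth2 security scheme.
SAMPLE_FLOWS = {
    "password": {"tokenUrl": "https://auth.example.com/token"},
    "authorizationCode": {
        "authorizationUrl": "https://auth.example.com/authorize",
        "tokenUrl": "https://auth.example.com/token",
        "scopes": {"read:items": "Read items"},
    },
    "implicit": {"scopes": {}},
}
```

Calling `schema_gaps(SAMPLE_FLOWS)` reports the `password` flow, whose missing `scopes` passes the quoted schema but not the spec-derived check.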
Top GitHub Comments
@char0n thanks - I’m working on the GitHub action to regenerate and republish the schemas when they change but it has taken longer than expected. I’ll raise a PR to resync manually.
Pull request has been issued against main branch: https://github.com/OAI/OpenAPI-Specification/pull/2673