Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

OAS 3.0 securityScheme type "oauth2" not supported

See original GitHub issue

In the components, if I put a “securityScheme” with type “oauth2”, I get errors :

Schema error at components.securitySchemes['apiOAuth']
should NOT have additional properties
additionalProperty: flows

Schema error at components.securitySchemes['apiOAuth'].type
should be equal to one of the allowed values
allowedValues: apiKey, http, openIdConnect

Schema error at components.securitySchemes['apiOAuth'].flows.implicit
should NOT have additional properties
additionalProperty: tokenUrl

Demonstration API definition

Based on the petstore example.

openapi: "3.0.0"
info:
  version: 1.0.0
  title: Swagger Petstore
  license:
    name: MIT
servers:
  - url: http://petstore.swagger.io/v1
paths:
  /pets:
    get:
      summary: List all pets
      operationId: listPets
      tags:
        - pets
      parameters:
        - name: limit
          in: query
          description: How many items to return at one time (max 100)
          required: false
          schema:
            type: integer
            format: int32
      responses:
        '200':
          description: An paged array of pets
          headers:
            x-next:
              description: A link to the next page of responses
              schema:
                type: string
          content:
            application/json:    
              schema:
                $ref: "#/components/schemas/Pets"
        default:
          description: unexpected error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Error"
    post:
      summary: Create a pet
      operationId: createPets
      tags:
        - pets
      responses:
        '201':
          description: Null response
        default:
          description: unexpected error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Error"
  /pets/{petId}:
    get:
      summary: Info for a specific pet
      operationId: showPetById
      tags:
        - pets
      parameters:
        - name: petId
          in: path
          required: true
          description: The id of the pet to retrieve
          schema:
            type: string
      responses:
        '200':
          description: Expected response to a valid request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Pets"
        default:
          description: unexpected error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Error"
components:
  schemas:
    Pet:
      required:
        - id
        - name
      properties:
        id:
          type: integer
          format: int64
        name:
          type: string
        tag:
          type: string
    Pets:
      type: array
      items:
        $ref: "#/components/schemas/Pet"
    Error:
      required:
        - code
        - message
      properties:
        code:
          type: integer
          format: int32
        message:
          type: string
  securitySchemes:
    apiOAuth:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: 'https://myapi.com/oauth/authorize'
          tokenUrl: 'https://myapi.com/oauth/token'
          refreshUrl: 'https://myapi.com/oauth/token/refresh'
          scopes:
            -'write:pets': "modify pets in your account"

Current Behavior

The “oauth2” type for securitySchemes is not implemented ?

Issue Analytics

State:
Created 6 years ago
Reactions:1
Comments:9 (3 by maintainers)

Top GitHub Comments

3reactions

vnextcodercommented, Nov 1, 2017

Ok. got it working by replacing flow with flows and tokenUrl is must. However, the Validation error is still incorrect when tokenUrl is missing or flows is written as flow

1reaction

webroncommented, Aug 30, 2017

@rygilles while there’s an issue with the validation error because it’s not giving you the right problem, your definition is invalid because implicit flow doesn’t support the tokenUrl field.

Top Results From Across the Web

Authentication - Swagger

OAS 3 This guide is for OpenAPI 3.0. ... You use securitySchemes to define all security schemes your API supports, then use security...

OpenAPI Specification v3.0.3 | Introduction, Definitions, & More

Tooling which supports OAS 3.0 SHOULD be compatible with all OAS 3.0.* versions. The patch version SHOULD NOT be considered by tooling, making ......

OAuth2 client credentials don't working at portal

Looks like you are specifying Authorization Code grant type, not Client Credentials in your Open API Spec. Here's what I use for OAS...

Using OpenAPI and Swagger UI - Quarkus

The value / is not allowed as it blocks the application from serving anything else. ... quarkus.smallrye-openapi.oauth2-security-scheme-value.

Documenting the API in OAS 3.0 — Django {json:api} training ...

OAS 3.0 support is still evolving (the standard is just about one year old) so ... version: v1 components: securitySchemes: course_auth: type: oauth2...