Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

"security" does not resolve reference to array

See original GitHub issue
Q A
Bug or feature request? Bug
Which Swagger/OpenAPI version? 2.0
Which Swagger-Editor version? 3.2.4/g865148f1-dirty
How did you install Swagger-Editor? No, testing on https://editor.swagger.io/
Which broswer & version? Google Chrome 63.0.3239.132 64-bit
Which operating system? Windows 10

YAML

Sample test YAML is derived from the uber sample from OAI.

The only difference is I moved the list of “security” values out into a custom “x-common-scopes”.

Expected Behavior

Syntax should be able to resolve the reference.

Current Behavior

image

The editor flags this as an error and reports

security: { $ref: '#/x-common-scopes/scope-read' }

with error:

Schema error at paths['/products'].get.security
should be array
Jump to line 42

Context

Due to the large permutations of of paths and operations in our actual swagger, we opted to group common scopes so that security properties can just reference existing scope groups instead of having to repeatedly define the same scopes manually in every security property.

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

1reaction
radjcommented, Jan 16, 2018

It seems to even work at the security level. See AUTH_WITH_SCOPE.


swagger: '2.0'
info:
  version: 0.0.0
  title: test

securityDefinitions:
  oauth2:
    type: oauth2
    flow: accessCode
    authorizationUrl: https://auth.example.com/oauth/authorize
    tokenUrl: https://auth.example.com/oauth/token
    scopes:
      read: read access
      write: write access
      admin: admin access

x-common-scopes:
  auth_and_scope: &AUTH_WITH_SCOPE
    - oauth2:
      - read
  read-write: &SCOPES_READ_WRITE     # <----------------
    - read
    - write
  all:        &SCOPES_ALL   # <----------------
    - read
    - write
    - admin

paths:
  /foo:
    get:
      security:
        - oauth2: *SCOPES_READ_WRITE   # <----------------
      responses:
        200:
          description: OK
  /bar:
    get:
      security: *AUTH_WITH_SCOPE
      responses:
        200:
          description: OK
1reaction
hkosovacommented, Jan 16, 2018

@radj A possible workaround is to use YAML anchors, but whether this will work depends on whether the tools processing your spec support YAML anchors. It works in Swagger Editor/UI, but I don’t know about other tools.

Note that &anchors must be defined before they are *-referenced.

swagger: '2.0'
info:
  version: 0.0.0
  title: test

securityDefinitions:
  oauth2:
    type: oauth2
    flow: accessCode
    authorizationUrl: https://auth.example.com/oauth/authorize
    tokenUrl: https://auth.example.com/oauth/token
    scopes:
      read: read access
      write: write access
      admin: admin access

x-common-scopes:
  read-write: &SCOPES_READ_WRITE     # <----------------
    - read
    - write
  all:        &SCOPES_ALL   # <----------------
    - read
    - write
    - admin

paths:
  /foo:
    get:
      security:
        - oauth2: *SCOPES_READ_WRITE   # <----------------
      responses:
        200:
          description: OK
  /bar:
    get:
      security:
        - oauth2: *SCOPES_ALL   # <----------------
      responses:
        200:
          description: OK
Read more comments on GitHub >

github_iconTop Results From Across the Web

Swagger Resolver error, Could not resolve reference
I'm setting up a new asp.net core 3.1 project, exposing a RESTful API in FHIR format, which is a format extending JSON. I'd...
Read more >
Array.Find<T>(T[], Predicate<T>) Method (System)
Searches for an element that matches the conditions defined by the specified predicate, and returns the first occurrence within the entire Array.
Read more >
Arrays - Manual - PHP
Attempting to access an array key which has not been defined is the same as accessing any other undefined variable: an E_WARNING -level...
Read more >
SharedArrayBuffer - JavaScript - MDN Web Docs
To share memory using SharedArrayBuffer objects from one agent in the cluster to another (an agent is either the web page's main program...
Read more >
Reference - Sanity.io
To model a one-to-many relation, store the references in an array. ... A weak reference allows pointing to documents that may not exist...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Equivalent paths are not allowed even thogh the path + verb combination is different

Next page

Incorrect validation message for unique operationId