Swagger 2.0's security scheme validated against OAS 3.0 instead of swagger 2.0
From @pbarbier on March 23, 2018 18:15
When editing a swagger 2.0 yaml content featuring oauth2 security schemes like below:
```yaml
swagger: "2.0"
info:
  title: wow
  version: 1.0.0
paths:
  /:
    get:
      description: wow
      responses:
        200:
          description: ok
securityDefinitions:
  oauth2_Password:
    type: oauth2
    tokenUrl: /authorizationserver/oauth/token
    flow: password
    scopes:
      basic: ''
  oauth2_client_credentials:
    type: oauth2
    tokenUrl: /authorizationserver/oauth/token
    flow: application
    scopes:
      extended: ''
  apikey:
    type: apiKey
    name: myAuth
  basic:
    type: basic
    in: header
```
Several nonsensical errors are reported:
```
Structural error at securityDefinitions.oauth2_Password
should NOT have additional properties
additionalProperty: tokenUrl, flow, scopes

Structural error at securityDefinitions.oauth2_Password.type
should be equal to one of the allowed values
allowedValues: basic, apiKey

Structural error at securityDefinitions.oauth2_Password.tokenUrl
should match format "uri"
format: uri

Structural error at securityDefinitions.oauth2_Password.flow
should be equal to one of the allowed values
allowedValues: implicit, application, accessCode

Structural error at securityDefinitions.oauth2_client_credentials
should NOT have additional properties
additionalProperty: tokenUrl, flow, scopes

Structural error at securityDefinitions.oauth2_client_credentials.type
should be equal to one of the allowed values
allowedValues: basic, apiKey

Structural error at securityDefinitions.oauth2_client_credentials.tokenUrl
should match format "uri"
format: uri

Structural error at securityDefinitions.oauth2_client_credentials.flow
should be equal to one of the allowed values
allowedValues: implicit, password, accessCode

Structural error at securityDefinitions.apikey
should NOT have additional properties
additionalProperty: name

Structural error at securityDefinitions.apikey.type
should be equal to one of the allowed values
allowedValues: basic, oauth2

Structural error at securityDefinitions.basic
should NOT have additional properties
additionalProperty: in

Structural error at securityDefinitions.basic.type
should be equal to one of the allowed values
allowedValues: apiKey, oauth2
```
| Q | A |
|---|---|
| Bug or feature request? | Bug |
| Which Swagger/OpenAPI version? | Swagger 2.0 |
| Which Swagger-UI version? | 3.13.0 |
| How did you install Swagger-UI? | Use through editor.swagger.io |
| Which browser & version? | Chrome latest |
| Which operating system? | WIN10 |
Demonstration API definition
See above
Configuration (browser query string, constructor, config.yaml)
regular use of editor.swagger.io
Expected Behavior
No error should be shown for this part of the yaml
Current Behavior
See above
Possible Solution
Context
The error messages are misleading. They claim the content is not valid when it is.
Copied from original issue: swagger-api/swagger-ui#4364
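The report above lists failures from every alternative scheme shape at once. The sketch below, an added example and not Swagger Editor's code, first selects the single Swagger 2.0 shape that `type` (and `flow`) names and reports only against it. Function names are hypothetical, the field rules follow the Swagger 2.0 Security Scheme Object, and the scheme-only URI test is a simplification of the `format: uri` check shown in the output.

```python
from urllib.parse import urlparse

# URL fields each Swagger 2.0 oauth2 flow requires (Security Scheme Object).
OAUTH2_FLOW_URLS = {
    "implicit": {"authorizationUrl"},
    "password": {"tokenUrl"},
    "application": {"tokenUrl"},
    "accessCode": {"authorizationUrl", "tokenUrl"},
}

def required_fields(scheme):
    """Fields required by the one shape that type/flow selects, or None if unknown."""
    kind = scheme.get("type")
    if kind == "basic":
        return set()
    if kind == "apiKey":
        return {"name", "in"}
    if kind == "oauth2" and scheme.get("flow") in OAUTH2_FLOW_URLS:
        return {"flow", "scopes"} | OAUTH2_FLOW_URLS[scheme["flow"]]
    return None

def check_scheme(name, scheme):
    """Validate one securityDefinitions entry against its own shape only."""
    required = required_fields(scheme)
    if required is None:
        return [f"{name}: unknown type/flow {scheme.get('type')!r}/{scheme.get('flow')!r}"]
    keys, allowed = set(scheme), required | {"type", "description"}
    errors = [f"{name}: missing required property '{k}'" for k in sorted(required - keys)]
    errors += [f"{name}: additional property '{k}'"
               for k in sorted(keys - allowed) if not k.startswith("x-")]
    for key in sorted(required & keys & {"authorizationUrl", "tokenUrl"}):
        if not urlparse(str(scheme[key])).scheme:  # relative reference, not a URI
            errors.append(f"{name}.{key}: should match format 'uri'")
    return errors

def check_definitions(definitions):
    return [e for name, s in definitions.items() for e in check_scheme(name, s)]

# securityDefinitions from the issue above, transcribed as a Python dict.
DEFINITIONS = {
    "oauth2_Password": {"type": "oauth2", "tokenUrl": "/authorizationserver/oauth/token",
                        "flow": "password", "scopes": {"basic": ""}},
    "oauth2_client_credentials": {"type": "oauth2", "tokenUrl": "/authorizationserver/oauth/token",
                                  "flow": "application", "scopes": {"extended": ""}},
    "apikey": {"type": "apiKey", "name": "myAuth"},
    "basic": {"type": "basic", "in": "header"},
}
if __name__ == "__main__":
    print("\n".join(check_definitions(DEFINITIONS)))
```

Run on the definition from the issue, this reports four findings instead of twelve: the two relative `tokenUrl` values, the `in` missing from `apikey`, and the extra `in` on `basic`.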
@pbarbier, I’ve opened a PR that addresses the case you just mentioned 😄
As for the main part of this ticket, I’m going to backlog it for now, since we tend to batch schema validator fixes and this appears to be closely related to the other difficulties we’re seeing at the moment.
I’ve opened a pull request (#1985) that will close this issue.
Here’s what Swagger Editor reports with my changes: