In the components, if I put a "securityScheme" with type "oauth2", I get errors :
Schema error at components.securitySchemes['apiOAuth']
should NOT have additional properties
additionalProperty: flows
Schema error at components.securitySchemes['apiOAuth'].type
should be equal to one of the allowed values
allowedValues: apiKey, http, openIdConnect
Schema error at components.securitySchemes['apiOAuth'].flows.implicit
should NOT have additional properties
additionalProperty: tokenUrl
Based on the petstore example.
openapi: "3.0.0"
info:
version: 1.0.0
title: Swagger Petstore
license:
name: MIT
servers:
- url: http://petstore.swagger.io/v1
paths:
/pets:
get:
summary: List all pets
operationId: listPets
tags:
- pets
parameters:
- name: limit
in: query
description: How many items to return at one time (max 100)
required: false
schema:
type: integer
format: int32
responses:
'200':
description: An paged array of pets
headers:
x-next:
description: A link to the next page of responses
schema:
type: string
content:
application/json:
schema:
$ref: "#/components/schemas/Pets"
default:
description: unexpected error
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
post:
summary: Create a pet
operationId: createPets
tags:
- pets
responses:
'201':
description: Null response
default:
description: unexpected error
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
/pets/{petId}:
get:
summary: Info for a specific pet
operationId: showPetById
tags:
- pets
parameters:
- name: petId
in: path
required: true
description: The id of the pet to retrieve
schema:
type: string
responses:
'200':
description: Expected response to a valid request
content:
application/json:
schema:
$ref: "#/components/schemas/Pets"
default:
description: unexpected error
content:
application/json:
schema:
$ref: "#/components/schemas/Error"
components:
schemas:
Pet:
required:
- id
- name
properties:
id:
type: integer
format: int64
name:
type: string
tag:
type: string
Pets:
type: array
items:
$ref: "#/components/schemas/Pet"
Error:
required:
- code
- message
properties:
code:
type: integer
format: int32
message:
type: string
securitySchemes:
apiOAuth:
type: oauth2
flows:
implicit:
authorizationUrl: 'https://myapi.com/oauth/authorize'
tokenUrl: 'https://myapi.com/oauth/token'
refreshUrl: 'https://myapi.com/oauth/token/refresh'
scopes:
-'write:pets': "modify pets in your account"
The "oauth2" type for securitySchemes is not implemented ?
@rygilles while there's an issue with the validation error because it's not giving you the right problem, your definition is invalid because implicit flow doesn't support the tokenUrl field.
@webron My bad ! It works without the tokenUrl. Thanks.
Happy to hear. I'm reopening this because we still need to ensure a better validation error.
it is still an issue even after commenting out tokenURL
components:
securitySchemes:
apiOAuth:
type: oauth2
flow:
authorizationCode:
authorizationUrl: https://example.com/oauth/authorize
refreshUrl: https://example.com/oauth/refresh
#tokenUrl: https://example.com/oauth/token
scopes:
read: Grants read access
write: Grants write access
Error shown as below
Schema error at components.securitySchemes['apiOAuth']
should NOT have additional properties
additionalProperty: flow
Jump to line 47
Schema error at components.securitySchemes['apiOAuth'].type
should be equal to one of the allowed values
allowedValues: apiKey, http, openIdConnect
Jump to line 48
I have tried using local version (downloaded from github) as well as https://editor.swagger.io/ and the response is same.
Ok. got it working by replacing flow with flows and tokenUrl is must. However, the Validation error
is still incorrect when tokenUrl is missing or flows is written as flow
I'm having the same issue. I define the securitySchemes object in components like this:
components:
securitySchemes:
tradebook_auth:
type: oauth2
flow:
implicit:
authorizationURL: https://example.com/api/oauth/dialog"
scopes:
write:trades: "Modify trades in your account."
read:trades: "Read your trades."
and I get the following errors:
Schema error at components.securitySchemes['tradebook_auth']
should NOT have additional properties additionalProperty: flow
Schema error at components.securitySchemes['tradebook_auth'].type
should be equal to one of the allowed values allowedValues: apiKey, http, openIdConnect
I had originally called the property flows as per the spec (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#oauthFlowsObject), and was getting an additional error, but I changed that to flow after reading the feedback here.
Another weird thing is that if I change type: oauth2 to type: oauth, the error message changes to
Schema error at components.securitySchemes['tradebook_auth'].type
should be equal to one of the allowed values allowedValues: apiKey, http, oauth2, openIdConnect
so it recognises oauth2 as one of the allowedValues when it isn't there, but not when it is there.
Having same issue, commenting to correct @BodkinVanHorn 's link:
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#oauthFlowsObject
I've opened a pull request (#1985) that will close this issue.
Here's what Swagger Editor reports with my changes:
"Structural error at [...]apiOAuth.flows.implicit
should NOT have additional properties
additionalProperty: tokenUrl"
Most helpful comment
Ok. got it working by replacing
flowwithflowsandtokenUrlis must. However, the Validation erroris still incorrect when
tokenUrlis missing orflowsis written asflow