Swagger-editor: OAS 3.0 securityScheme type "oauth2" not supported

Created on 30 Aug 2017 · 8 Comments · Source: swagger-api/swagger-editor

In the components, if I put a "securityScheme" with type "oauth2", I get errors:

Schema error at components.securitySchemes['apiOAuth']
should NOT have additional properties
additionalProperty: flows

Schema error at components.securitySchemes['apiOAuth'].type
should be equal to one of the allowed values
allowedValues: apiKey, http, openIdConnect

Schema error at components.securitySchemes['apiOAuth'].flows.implicit
should NOT have additional properties
additionalProperty: tokenUrl

Demonstration API definition

Based on the petstore example.

openapi: "3.0.0"
info:
  version: 1.0.0
  title: Swagger Petstore
  license:
    name: MIT
servers:
  - url: http://petstore.swagger.io/v1
paths:
  /pets:
    get:
      summary: List all pets
      operationId: listPets
      tags:
        - pets
      parameters:
        - name: limit
          in: query
          description: How many items to return at one time (max 100)
          required: false
          schema:
            type: integer
            format: int32
      responses:
        '200':
          description: An paged array of pets
          headers:
            x-next:
              description: A link to the next page of responses
              schema:
                type: string
          content:
            application/json:    
              schema:
                $ref: "#/components/schemas/Pets"
        default:
          description: unexpected error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Error"
    post:
      summary: Create a pet
      operationId: createPets
      tags:
        - pets
      responses:
        '201':
          description: Null response
        default:
          description: unexpected error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Error"
  /pets/{petId}:
    get:
      summary: Info for a specific pet
      operationId: showPetById
      tags:
        - pets
      parameters:
        - name: petId
          in: path
          required: true
          description: The id of the pet to retrieve
          schema:
            type: string
      responses:
        '200':
          description: Expected response to a valid request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Pets"
        default:
          description: unexpected error
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Error"
components:
  schemas:
    Pet:
      required:
        - id
        - name
      properties:
        id:
          type: integer
          format: int64
        name:
          type: string
        tag:
          type: string
    Pets:
      type: array
      items:
        $ref: "#/components/schemas/Pet"
    Error:
      required:
        - code
        - message
      properties:
        code:
          type: integer
          format: int32
        message:
          type: string
  securitySchemes:
    apiOAuth:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: 'https://myapi.com/oauth/authorize'
          tokenUrl: 'https://myapi.com/oauth/token'
          refreshUrl: 'https://myapi.com/oauth/token/refresh'
          scopes:
            -'write:pets': "modify pets in your account"

Current Behavior

The "oauth2" type for securitySchemes is not implemented?

P2 validation schema validation error quality bug 3.x

All 8 comments

@rygilles while there's an issue with the validation error because it's not giving you the right problem, your definition is invalid because implicit flow doesn't support the tokenUrl field.

@webron My bad! It works without the tokenUrl. Thanks.

Happy to hear. I'm reopening this because we still need to ensure a better validation error.

It is still an issue even after commenting out tokenURL.

components:
  securitySchemes:
    apiOAuth:
      type: oauth2
      flow:
        authorizationCode:
          authorizationUrl: https://example.com/oauth/authorize
          refreshUrl: https://example.com/oauth/refresh
          #tokenUrl: https://example.com/oauth/token
          scopes:
            read: Grants read access
            write: Grants write access

Error shown as below

Schema error at components.securitySchemes['apiOAuth']
should NOT have additional properties
additionalProperty: flow
Jump to line 47
Schema error at components.securitySchemes['apiOAuth'].type
should be equal to one of the allowed values
allowedValues: apiKey, http, openIdConnect
Jump to line 48

I have tried using a local version (downloaded from GitHub) as well as https://editor.swagger.io/ and the response is the same.

OK, got it working by replacing flow with flows, and tokenUrl is a must. However, the validation error is still incorrect when tokenUrl is missing or flows is written as flow.

I'm having the same issue. I define the securitySchemes object in components like this:

components:
  securitySchemes:
    tradebook_auth:
      type: oauth2
      flow:
        implicit:
          authorizationURL: https://example.com/api/oauth/dialog"
          scopes:
            write:trades: "Modify trades in your account."
            read:trades: "Read your trades."

and I get the following errors:

Schema error at components.securitySchemes['tradebook_auth']
should NOT have additional properties additionalProperty: flow 

Schema error at components.securitySchemes['tradebook_auth'].type
should be equal to one of the allowed values allowedValues: apiKey, http, openIdConnect 

I had originally called the property flows as per the spec (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#oauthFlowsObject), and was getting an additional error, but I changed that to flow after reading the feedback here.

Another weird thing is that if I change type: oauth2 to type: oauth, the error message changes to

Schema error at components.securitySchemes['tradebook_auth'].type
should be equal to one of the allowed values allowedValues: apiKey, http, oauth2, openIdConnect

so it recognises oauth2 as one of the allowedValues when it isn't there, but not when it is there.

Having same issue, commenting to correct @BodkinVanHorn 's link:
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#oauthFlowsObject

I've opened a pull request (#1985) that will close this issue.

Here's what Swagger Editor reports with my changes:

"Structural error at [...]apiOAuth.flows.implicit
should NOT have additional properties
additionalProperty: tokenUrl"
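
The misleading messages in this thread come from reporting a failure inside `flows` as a failure of `type`. As an added example (not swagger-editor's code and not the change in #1985), the validator below decides on `type` first and then checks only the fields of the matching flow, following the OAuth Flow Object in the OpenAPI 3.0 specification. The function name, the message wording and the sample object are assumptions of this example.

```javascript
// Added example, not swagger-editor code. Per-flow fields follow the
// OAuth Flow Object of the OpenAPI 3.0 specification; names are hypothetical.
const SCHEME_TYPES = ['apiKey', 'http', 'oauth2', 'openIdConnect'];
const FLOW_FIELDS = {
  implicit: ['authorizationUrl', 'scopes'],
  password: ['tokenUrl', 'scopes'],
  clientCredentials: ['tokenUrl', 'scopes'],
  authorizationCode: ['authorizationUrl', 'tokenUrl', 'scopes'],
};
const isObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

function validateSecurityScheme(name, scheme) {
  const at = `components.securitySchemes['${name}']`;
  // Check `type` first so a mistake inside `flows` is never blamed on the type.
  if (!SCHEME_TYPES.includes(scheme.type)) {
    return [`${at}.type should be one of: ${SCHEME_TYPES.join(', ')}`];
  }
  if (scheme.type !== 'oauth2') return []; // other scheme types not covered here
  if (!isObject(scheme.flows)) {
    const hint = 'flow' in scheme ? " (found 'flow', did you mean 'flows'?)" : '';
    return [`${at} should have required property 'flows'${hint}`];
  }
  const errors = [];
  for (const [flowName, flow] of Object.entries(scheme.flows)) {
    if (flowName.startsWith('x-')) continue; // specification extension
    const path = `${at}.flows.${flowName}`;
    const required = FLOW_FIELDS[flowName];
    if (!required || !isObject(flow)) {
      errors.push(`${path} is not a valid OAuth flow object`);
      continue;
    }
    for (const key of required) {
      if (!(key in flow)) errors.push(`${path} should have required property '${key}'`);
    }
    for (const key of Object.keys(flow)) {
      const known = required.includes(key) || key === 'refreshUrl' || key.startsWith('x-');
      if (!known) errors.push(`${path} should NOT have additional property '${key}'`);
    }
  }
  return errors;
}

// Constructed input, adapted from the first YAML posted in this thread.
const implicitWithTokenUrl = { type: 'oauth2', flows: { implicit: {
  authorizationUrl: 'https://myapi.com/oauth/authorize',
  tokenUrl: 'https://myapi.com/oauth/token',
  scopes: { 'write:pets': 'modify pets in your account' } } } };
console.log(validateSecurityScheme('apiOAuth', implicitWithTokenUrl));
```

Passing the later `flow:` definitions from the thread returns a single "required property 'flows'" message with the rename hint instead of an `allowedValues` complaint about `type`.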