Swagger-editor: "security" does not resolve reference to array

Created on 16 Jan 2018 · 5 Comments · Source: swagger-api/swagger-editor

| Q | A
| ----------------------------------- | -------
| Bug or feature request? | Bug
| Which Swagger/OpenAPI version? | 2.0
| Which Swagger-Editor version? | 3.2.4/g865148f1-dirty
| How did you install Swagger-Editor? | No, testing on https://editor.swagger.io/
| Which browser & version? | Google Chrome 63.0.3239.132 64-bit
| Which operating system? | Windows 10

YAML

Sample test YAML is derived from the uber sample from OAI.

The only difference is I moved the list of "security" values out into a custom "x-common-scopes".

Expected Behavior

Syntax should be able to resolve the reference.

Current Behavior

The editor flags this as an error and reports

security: { $ref: '#/x-common-scopes/scope-read' }

with error:

Schema error at paths['/products'].get.security
should be array
Jump to line 42

Context

Due to the large permutations of paths and operations in our actual swagger, we opted to group common scopes so that security properties can just reference existing scope groups instead of having to repeatedly define the same scopes manually in every security property.

All 5 comments

security and securityDefinitions do not support $ref. There is a corresponding feature request in the OpenAPI Specification repository.

I should have searched there first. Thanks for pointing me in the right direction.

@radj A possible workaround is to use YAML anchors, but whether this will work depends on whether the tools processing your spec support YAML anchors. It works in Swagger Editor/UI, but I don't know about other tools.

Note that &anchors must be defined _before_ they are *-referenced.

swagger: '2.0'
info:
  version: 0.0.0
  title: test

securityDefinitions:
  oauth2:
    type: oauth2
    flow: accessCode
    authorizationUrl: https://auth.example.com/oauth/authorize
    tokenUrl: https://auth.example.com/oauth/token
    scopes:
      read: read access
      write: write access
      admin: admin access

x-common-scopes:
  read-write: &SCOPES_READ_WRITE     # <----------------
    - read
    - write
  all:        &SCOPES_ALL   # <----------------
    - read
    - write
    - admin

paths:
  /foo:
    get:
      security:
        - oauth2: *SCOPES_READ_WRITE   # <----------------
      responses:
        200:
          description: OK
  /bar:
    get:
      security:
        - oauth2: *SCOPES_ALL   # <----------------
      responses:
        200:
          description: OK

Looks like what we need for now. Thank you so much for the suggestion!

It seems to even work at the security level. See AUTH_WITH_SCOPE.

swagger: '2.0'
info:
  version: 0.0.0
  title: test

securityDefinitions:
  oauth2:
    type: oauth2
    flow: accessCode
    authorizationUrl: https://auth.example.com/oauth/authorize
    tokenUrl: https://auth.example.com/oauth/token
    scopes:
      read: read access
      write: write access
      admin: admin access

x-common-scopes:
  auth_and_scope: &AUTH_WITH_SCOPE
    - oauth2:
      - read
  read-write: &SCOPES_READ_WRITE     # <----------------
    - read
    - write
  all:        &SCOPES_ALL   # <----------------
    - read
    - write
    - admin

paths:
  /foo:
    get:
      security:
        - oauth2: *SCOPES_READ_WRITE   # <----------------
      responses:
        200:
          description: OK
  /bar:
    get:
      security: *AUTH_WITH_SCOPE
      responses:
        200:
          description: OK
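
Grouping scopes behind anchors moves the scope lists away from the operations that rely on them, so it helps to check the document once it has been loaded. The following is an added example, not code from this thread or from Swagger Editor: a Python check over the parsed spec (aliases already expanded by the YAML loader) that reports a `security` value that is not an array, an undefined scheme or scope, and an operation that no security requirement covers. The names `check_requirements`, `lint_security` and `SAMPLE`, the `/baz` path and the `delete` scope are made up for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}
def check_requirements(reqs, definitions, where):
    """Problems in one `security` value: a list of {scheme: [scope, ...]}."""
    if not isinstance(reqs, list):
        # The editor's "should be array" error for `security: {$ref: ...}`.
        return [f"{where}: security should be array, got {type(reqs).__name__}"]
    problems = []
    for req in reqs:
        if not isinstance(req, dict):
            problems.append(f"{where}: requirement should be an object")
            continue
        for scheme, scopes in req.items():
            if scheme not in definitions:
                problems.append(f"{where}: unknown scheme '{scheme}'")
            elif not isinstance(scopes, list):
                problems.append(f"{where}: scopes for '{scheme}' should be array")
            else:
                defined = definitions[scheme].get("scopes", {})
                for scope in scopes:
                    if not isinstance(scope, str) or scope not in defined:
                        problems.append(f"{where}: scope {scope!r} not defined for '{scheme}'")
    return problems

def lint_security(spec):
    definitions = spec.get("securityDefinitions", {})
    problems = []
    if "security" in spec:
        problems += check_requirements(spec["security"], definitions, "security")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            where = f"paths['{path}'].{method}"
            if "security" in op:
                problems += check_requirements(op["security"], definitions, where)
            elif "security" not in spec:
                problems.append(f"{where}: no security requirement applies")
    return problems

# Constructed sample: the thread's spec as a YAML loader returns it (aliases
# expanded), plus the original $ref form and an undefined scope ('/baz').
SAMPLE = {
    "securityDefinitions": {"oauth2": {"type": "oauth2", "scopes": {
        "read": "read access", "write": "write access", "admin": "admin access"}}},
    "paths": {
        "/bar": {"get": {"security": [{"oauth2": ["read"]}]}},
        "/products": {"get": {"security": {"$ref": "#/x-common-scopes/scope-read"}}},
        "/baz": {"get": {"security": [{"oauth2": ["delete"]}]}},
    }}
```

Calling `lint_security(SAMPLE)` returns one problem for `/products` (the `$ref` form from the original report) and one for `/baz`; the alias-expanded `/bar` operation passes.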
