This rule belongs to the
openapi-v3-standards-linting ruleset and states that:
If you have defined a security scheme of
type set as
http you also need to provide a name of the HTTP Authorization scheme using the
scheme property. The value of this HTTP security scheme should be registered in the IANA Authentication Scheme registry.
|Message||Unregistered HTTP security scheme detected.|
|Broad Category||Security Schemes|
|Products Impacted||API Transformer, Code Generation, Developer Experience Portal|
- Ensure that the scheme name you have mentioned in the
schemeproperty is present in the IANA Authentication Scheme registry.
- Ensure that the scheme name is not null or empty.
- The IANA Authentication Scheme registry has the following scheme names registered: Basic, Bearer, Digest, HOBA, Mutual, Negotiate, OAuth, SCRAM-SHA-1, SCRAM-SHA-256, vapid.
- Names are compared in a case-insensitive manner.
For More Information