required-oauth2-flow-authorization-url
Overview
This rule belongs to the openapi-v3-standards-validation ruleset and states that:
If the flow type is set as implicit or authorizationCode in the OAuth Flows Object, then the OAuth Flow Object must specify the authorization URL to be used for this flow, using the authorizationUrl property.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Error |
| Message | Required authorizationUrl property in OAuth Flow Object is missing. |
| Code | OPENAPI3STANDARDS_V440 |
| Type | Validation |
| Rule System | Semantic |
| Broad Category | OAuth 2.0 Flows |
| Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
| Tags | openapi3 openapi standards semantic validation url authorization oauth2 flows type security scheme security |
Suggested Fixes
- Add missing
authorizationUrlproperty in the OAuth Flow Object. - Make sure that the
authorizationUrlproperty is not null or empty. - Choose a different flow type in the OAuth Flows Object if the current URL is not applicable for your API authentication.
For More Information
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#oauth-flow-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#oauth-flows-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#security-scheme-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#oauth-flow-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#oauth-flows-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-scheme-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#openapi-specification
- https://docs.apimatic.io/rulesets/overview/