required-oauth2-flow-token-url
Overview
This rule belongs to the openapi-v3-standards-validation ruleset and states that:
If the flow type is set as password, clientCredentials or authorizationCode in the OAuth Flows Object, then the OAuth Flow Object must specify the token URL to be used for this flow, using the tokenUrl property.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Error |
| Message | Required tokenUrl property in OAuth Flow Object is missing. |
| Code | OPENAPI3STANDARDS_V441 |
| Type | Validation |
| Rule System | Semantic |
| Broad Category | OAuth 2.0 Flows |
| Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
| Tags | openapi3 openapi standards semantic validation url access token token oauth2 flows type security scheme security |
Suggested Fixes
- Add missing
tokenUrlproperty in the OAuth Flow Object. - Make sure that the
tokenUrlis not null or empty. - Choose a different flow type in the OAuth Flows Object if the current URL is not applicable for your API authentication.
For More Information
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#oauth-flow-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#oauth-flows-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#security-scheme-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#oauth-flow-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#oauth-flows-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-scheme-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#openapi-specification
- https://docs.apimatic.io/rulesets/overview/