required-oauth2-security-scheme-flows
Overview
This rule belongs to the openapi-v3-standards-validation ruleset and states that:
If the security scheme type is OAuth 2.0 (i.e. type is set to oauth2), the Security Scheme Object must specify an object containing configuration information for the flow types supported, using the flows property.
Property | Value |
---|---|
Enabled | Yes |
Maximum Severity | Error |
Message | Required flows property in OAuth 2.0 Security Scheme Object is missing. |
Code | OPENAPI3STANDARDS_V416 |
Type | Validation |
Rule System | Semantic |
Broad Category | Security Schemes |
Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
Tags | openapi3 openapi standards semantic validation oauth2 flows type security scheme security |
Suggested Fixes
- Add the missing flows property in the Security Scheme Object.
- Make sure that the flows property is not set to null.
- Choose a different security scheme type if OAuth 2.0 flows do not apply to your API's authentication.
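An added example (not APIMatic's implementation and not code from this page): a small Python check for the two failure cases the fixes above address, a missing flows property and flows set to null, run over a constructed OpenAPI document. The function name, the sample scheme names and the example.com URLs are assumptions made for illustration.

```python
import json

# Code and message as listed in the table on this page.
RULE_CODE = "OPENAPI3STANDARDS_V416"
RULE_MESSAGE = "Required flows property in OAuth 2.0 Security Scheme Object is missing."


def find_oauth2_schemes_without_flows(document):
    """Return (scheme_name, reason) for each oauth2 scheme whose flows is absent or null."""
    findings = []
    components = document.get("components") or {}
    schemes = components.get("securitySchemes") or {}
    for name, scheme in schemes.items():
        # The rule only applies to Security Scheme Objects with type: oauth2.
        if not isinstance(scheme, dict) or scheme.get("type") != "oauth2":
            continue
        if "flows" not in scheme:
            findings.append((name, "missing"))
        elif scheme["flows"] is None:
            findings.append((name, "null"))
    return findings


# Constructed sample document: two violating schemes, one valid OAuth 2.0
# scheme and one non-OAuth scheme that the rule must ignore.
SAMPLE = json.loads("""
{
  "openapi": "3.0.3",
  "info": {"title": "Constructed sample", "version": "1.0.0"},
  "paths": {},
  "components": {"securitySchemes": {
    "noFlows":   {"type": "oauth2"},
    "nullFlows": {"type": "oauth2", "flows": null},
    "goodOAuth": {"type": "oauth2", "flows": {"authorizationCode": {
        "authorizationUrl": "https://auth.example.com/authorize",
        "tokenUrl": "https://auth.example.com/token",
        "scopes": {"read:items": "Read items"}}}},
    "apiKey":    {"type": "apiKey", "name": "X-API-Key", "in": "header"}
  }}
}
""")

if __name__ == "__main__":
    for name, reason in find_oauth2_schemes_without_flows(SAMPLE):
        print(f"{RULE_CODE} [{name}] flows is {reason}: {RULE_MESSAGE}")
```

A check like this can gate a CI pipeline so that an OAuth 2.0 scheme with no declared flows is caught before the document reaches code generation or a published portal.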
For More Information
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#security-scheme-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#oauth-flows-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-scheme-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#oauth-flows-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#openapi-specification
- https://docs.apimatic.io/rulesets/overview/