Skip to main content



This rule belongs to the openapi-v3-standards-validation ruleset and states that:

If the security scheme type is OAuth 2.0 (i.e. type is set to oauth2), the Security Scheme Object must specify an object containing configuration information for the flow types supported, using the flows property.

Maximum SeverityError
MessageRequired flows property in OAuth 2.0 Security Scheme Object is missing.
Rule SystemSemantic
Broad CategorySecurity Schemes
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagsopenapi3 openapi standards semantic validation oauth2 flows type security scheme security

Suggested Fixes

  • Add missing flows property in the Security Scheme Object.
  • Make sure that the flows property is not set as null.
  • Choose a different security scheme type if OAuth 2.0 flows are not applicable in your API authentication's case.

For More Information