required-open-id-connect-security-scheme-url
Overview
This rule belongs to the openapi-v3-standards-validation ruleset and states that:
If the security scheme type is OpenId Connect (i.e. type is set to openIdConnect), the Security Scheme Object must specify the OpenId Connect URL to discover OAuth2 configuration values, using the openIdConnectUrl property.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Error |
| Message | Required openIdConnectUrl property in OpenId Connect Security Scheme Object is missing. |
| Code | OPENAPI3STANDARDS_V417 |
| Type | Validation |
| Rule System | Semantic |
| Broad Category | Security Schemes |
| Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
| Tags | openapi3 openapi standards semantic validation url openid connect openid type security scheme security |
Suggested Fixes
- Add missing
openIdConnectUrlproperty in the Security Scheme Object. - Make sure that the
openIdConnectUrlproperty is not null or empty - Choose a different security scheme type if OpenId Connect URL is not applicable in your API authentication's case.
For More Information
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.1.0.md#security-scheme-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#security-scheme-object
- https://github.com/OAI/OpenAPI-Specification/blob/main/versions/3.0.3.md#openapi-specification
- https://docs.apimatic.io/rulesets/overview/