required-access-token-uri-oauth2-security-scheme-setting

Overview

This rule belongs to the raml-validation ruleset and states that:

If the OAuth 2.0 settings include client_credentials, password or authorization_code in the authorizationGrants list, the settings must also specify a non-empty access token URL using the accessTokenUri property.

Property	Value
Enabled	Yes
Maximum Severity	Error
Message	Required accessTokenUri property in OAuth 2.0 security settings is missing.
Code	RAML_V601
Type	Validation
Rule System	Semantic
Broad Category	Security Schemes
Products Impacted	API Transformer, Code Generation, Developer Experience Portal
Tags	raml semantic validation uri access token settings oauth2 security scheme security

Suggested Fixes

• Add missing accessTokenUri property in the OAuth 2.0 security settings.
• Make sure that the accessTokenUri property is not null or empty.
• If you think that the accessTokenUri is not applicable, remove client_credentials, password or authorization_code grant types from the authorizationGrants OAuth 2.0 setting list.

For More Information

• https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#oauth-20
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#settings
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#security-scheme-types
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#security-scheme-declaration
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-08/raml-08.md#oauth-20
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-08/raml-08.md#settings
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-08/raml-08.md#type-1
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-08/raml-08.md#security
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-08/raml-08.md
• https://docs.apimatic.io/rulesets/overview/