required-authorization-uri-oauth2-security-scheme-setting

Overview

This rule belongs to the raml-validation ruleset and states that:

If the OAuth 2.0 settings include implicit or authorization_code in the authorizationGrants list, the settings must also specify a non-empty authorization URL using the authorizationUri property.

Property	Value
Enabled	Yes
Maximum Severity	Error
Message	Required authorizationUri property in OAuth 2.0 security settings is missing.
Code	RAML_V600
Type	Validation
Rule System	Semantic
Broad Category	Security Schemes
Products Impacted	API Transformer, Code Generation, Developer Experience Portal
Tags	raml semantic validation uri authorization settings oauth2 security scheme security

Suggested Fixes

• Add missing authorizationUri property in the OAuth 2.0 security settings.
• Make sure that the authorizationUri property is not null or empty.
• If you think that the authorizationUri is not applicable, remove implicit or authorization_code grant types from the authorizationGrants OAuth 2.0 setting list.

For More Information

• https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#oauth-20
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#settings
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#security-scheme-types
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md#security-scheme-declaration
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-08/raml-08.md#oauth-20
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-08/raml-08.md#settings
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-08/raml-08.md#type-1
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-08/raml-08.md#security
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-10/raml-10.md
• https://github.com/raml-org/raml-spec/blob/master/versions/raml-08/raml-08.md
• https://docs.apimatic.io/rulesets/overview/