Skip to main content



This rule belongs to the raml-validation ruleset and states that:

If the OAuth 2.0 settings include implicit or authorization_code in the authorizationGrants list, the settings must also specify a non-empty authorization URL using the authorizationUri property.

Maximum SeverityError
MessageRequired authorizationUri property in OAuth 2.0 security settings is missing.
Rule SystemSemantic
Broad CategorySecurity Schemes
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagsraml semantic validation uri authorization settings oauth2 security scheme security

Suggested Fixes

  • Add missing authorizationUri property in the OAuth 2.0 security settings.
  • Make sure that the authorizationUri property is not null or empty.
  • If you think that the authorizationUri is not applicable, remove implicit or authorization_code grant types from the authorizationGrants OAuth 2.0 setting list.

For More Information