empty-security-requirement-property-array-for-non-oauth2-schemes
Overview
This rule belongs to the swagger-v2-standards-validation ruleset and states that:
In a Swagger 2.0 document, the Security Requirement Object property value allows specifying scope values for OAuth 2.0 security schemes. For all other security scheme types (i.e. for type not set as oauth2), the property value must be set as an empty array.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Error |
| Message | Security requirement value is not an empty array. |
| Code | SWAGGER20STANDARDS_V412 |
| Type | Validation |
| Rule System | Semantic |
| Broad Category | Security Requirements |
| Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
| Tags | swagger2 swagger standards semantic validation scopes oauth 2.0 security schemes security requirement security |
Suggested Fixes
- Set the security requirement property value as an empty array i.e. remove any items included in the array.
- If you want to add scope values in the array, make sure that the security scheme you are applying using the security requirement property is of type
oauth2. - The array can only contain scope values for OAuth 2.0 security schemes and should not contain any other type of data.
- Security roles specific data can only be added for Swagger 2.0 documents.