Skip to main content



This rule belongs to the swagger-v2-standards-validation ruleset and states that:

If the flow type is set as implicit or accessCode in the OAuth 2.0 Security Scheme Object, then the OAuth 2.0 Security Scheme Object must specify the authorization URL to be used for this flow, using the authorizationUrl property.

Maximum SeverityError
MessageRequired authorizationUrl property in OAuth 2.0 Security Scheme Object is missing.
Rule SystemSemantic
Broad CategorySecurity Schemes
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagsswagger2 swagger standards semantic validation url authorization oauth2 flow type security scheme security

Suggested Fixes

  • Add missing authorizationUrl property in the OAuth 2.0 Security Scheme Object.
  • Make sure that the authorizationUrl property is not null or empty.
  • Choose a different flow type in the OAuth 2.0 Security Scheme Object if the current URL is not applicable for your API authentication.

For More Information