required-oauth2-security-scheme-flow

Overview

This rule belongs to the swagger-v2-standards-validation ruleset and states that:

If the security scheme type is OAuth 2.0 (i.e. type is set to oauth2), the Security Scheme Object must specify the flow used by the OAuth 2.0 security scheme, using the flow property. It must have only one of the following values: implicit, password, application or accessCode.

Property	Value
Enabled	Yes
Maximum Severity	Error
Message	Required flow property in OAuth 2.0 Security Scheme Object is missing.
Code	SWAGGER20STANDARDS_V376
Type	Validation
Rule System	Semantic
Broad Category	Security Schemes
Products Impacted	API Transformer, Code Generation, Developer Experience Portal
Tags	swagger2 swagger standards semantic validation oauth2 flow type security scheme security

Suggested Fixes

• Add missing flow property in the Security Scheme Object.
• Make sure that the flow property is not null or empty.
• Ensure that the OAuth 2.0 flow has one of the following values: implicit, password, application or accessCode.
• Choose a different security scheme type if OAuth 2.0 flow is not applicable in your API authentication's case.

For More Information

• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md#security-scheme-object
• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md
• https://docs.apimatic.io/rulesets/overview/