required-oauth2-security-scheme-flow
Overview
This rule belongs to the swagger-v2-standards-validation ruleset and states that:
If the security scheme type is OAuth 2.0 (i.e. type is set to oauth2), the Security Scheme Object must specify the flow used by the OAuth 2.0 security scheme, using the flow property. It must have only one of the following values: implicit, password, application or accessCode.
| Property | Value |
|---|---|
| Enabled | Yes |
| Maximum Severity | Error |
| Message | Required flow property in OAuth 2.0 Security Scheme Object is missing. |
| Code | SWAGGER20STANDARDS_V376 |
| Type | Validation |
| Rule System | Semantic |
| Broad Category | Security Schemes |
| Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
| Tags | swagger2 swagger standards semantic validation oauth2 flow type security scheme security |
Suggested Fixes
- Add missing flow property in the Security Scheme Object.
- Make sure that the flow property is not null or empty.
- Ensure that the OAuth 2.0 flow has one of the following values: implicit, password, application or accessCode.
- Choose a different security scheme type if OAuth 2.0 flow is not applicable in your API authentication's case.