required-oauth2-security-scheme-scopes

Overview

This rule belongs to the swagger-v2-standards-validation ruleset and states that:

For all flow types, the OAuth 2.0 Security Scheme Object must specify the available scopes for the OAuth2 security scheme token URL, using the scopes property.

Property	Value
Enabled	Yes
Maximum Severity	Error
Message	Required scopes property in OAuth 2.0 Security Scheme Object is missing.
Code	SWAGGER20STANDARDS_V380
Type	Validation
Rule System	Semantic
Broad Category	Security Schemes
Products Impacted	API Transformer, Code Generation, Developer Experience Portal
Tags	swagger2 swagger standards semantic validation scopes oauth2 flow type security scheme security

Suggested Fixes

• Add missing scopes property in the OAuth 2.0 Security Scheme Object.
• Make sure that the scopes property is a valid object not set as null.

For More Information

• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md
• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md#security-scheme-object
• https://docs.apimatic.io/rulesets/overview/