required-oauth2-security-scheme-token-url

Overview

This rule belongs to the swagger-v2-standards-validation ruleset and states that:

If the flow type is set as password, application or accessCode in the OAuth 2.0 Security Scheme Object, then the OAuth 2.0 Security Scheme Object must specify the token URL to be used for this flow, using the tokenUrl property.

Property	Value
Enabled	Yes
Maximum Severity	Error
Message	Required tokenUrl property in OAuth Flow Object is missing.
Code	SWAGGER20STANDARDS_V379
Type	Validation
Rule System	Semantic
Broad Category	Security Schemes
Products Impacted	API Transformer, Code Generation, Developer Experience Portal
Tags	swagger2 swagger standards semantic validation url access token token oauth2 flow type security scheme security

Suggested Fixes

• Add missing tokenUrl property in the OAuth 2.0 Security Scheme Object.
• Make sure that the tokenUrl is not null or empty.
• Choose a different flow type in the OAuth 2.0 Security Scheme Object if the current URL is not applicable for your API authentication.

For More Information

• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md#security-scheme-object
• https://github.com/OAI/OpenAPI-Specification/blob/main/versions/2.0.md
• https://docs.apimatic.io/rulesets/overview/