Skip to main content



This rule belongs to the swagger-v2-standards-validation ruleset and states that:

The flow of the OAuth 2.0 security scheme specified using property flow of the Security Scheme Object must have only one of the following values: implicit, password, application or accessCode. Other types are not supported nor allowed.

Maximum SeverityError
MessageInvalid flow type for OAuth 2.0 found.
Rule SystemSemantic
Broad CategorySecurity Schemes
Products ImpactedAPI Transformer, Code Generation, Developer Experience Portal
Tagsswagger2 swagger standards semantic validation oauth2 flow type security scheme security

Suggested Fixes

  • Value of flow is compared in a case-sensitive manner.
  • Ensure that the OAuth 2.0 flow value matches exactly with the possible list of values and that there are no typos: implicit, password, application or accessCode.
  • Ensure that the value for OAuth 2.0 flow is not null or empty.

For More Information