valid-oauth2-security-scheme-flow-type

Overview

This rule belongs to the swagger-v2-standards-validation ruleset and states that:

The flow of an OAuth 2.0 security scheme, specified using the flow property of the Security Scheme Object, must be exactly one of the following values: implicit, password, application or accessCode. Other types are neither supported nor allowed.

| Property | Value |
| --- | --- |
| Enabled | Yes |
| Maximum Severity | Error |
| Message | Invalid flow type for OAuth 2.0 found. |
| Code | SWAGGER20STANDARDS_V377 |
| Type | Validation |
| Rule System | Semantic |
| Broad Category | Security Schemes |
| Products Impacted | API Transformer, Code Generation, Developer Experience Portal |
| Tags | swagger2 swagger standards semantic validation oauth2 flow type security scheme security |

Suggested Fixes

  • The value of flow is compared in a case-sensitive manner.
  • Ensure that the OAuth 2.0 flow value exactly matches one of the allowed values, with no typos: implicit, password, application or accessCode.
  • Ensure that the value for OAuth 2.0 flow is not null or empty.
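
The three checks above can be run locally before a document is uploaded. The following is an added example, not the validator behind this rule: the function name check_oauth2_flows and the sample document are assumptions made for illustration, and the Swagger 2.0 file is taken as already parsed into a dictionary.

```python
# Added example: applies the flow rule to a parsed Swagger 2.0 document.
ALLOWED_FLOWS = ("implicit", "password", "application", "accessCode")


def check_oauth2_flows(spec):
    """Return (scheme_name, problem) pairs for OAuth 2.0 schemes with a bad flow."""
    findings = []
    for name, scheme in (spec.get("securityDefinitions") or {}).items():
        if not isinstance(scheme, dict) or scheme.get("type") != "oauth2":
            continue  # the rule only covers OAuth 2.0 security schemes
        flow = scheme.get("flow")
        if flow is None or flow == "":
            findings.append((name, "flow is null or empty"))
        elif not isinstance(flow, str):
            findings.append((name, f"flow must be a string, got {type(flow).__name__}"))
        elif flow not in ALLOWED_FLOWS:
            # The case-sensitive match failed; look for a casing or whitespace near-miss.
            hint = next(
                (a for a in ALLOWED_FLOWS if a.lower() == flow.strip().lower()), None
            )
            msg = f"invalid flow {flow!r}"
            if hint:
                msg += f", did you mean {hint!r}?"
            findings.append((name, msg))
    return findings


# Constructed sample document (not taken from the page).
SAMPLE_SPEC = {
    "swagger": "2.0",
    "securityDefinitions": {
        "ok_scheme": {"type": "oauth2", "flow": "accessCode"},
        "wrong_case": {"type": "oauth2", "flow": "accesscode"},
        # OpenAPI 3.x flow name, not valid in Swagger 2.0
        "v3_name": {"type": "oauth2", "flow": "authorizationCode"},
        "empty": {"type": "oauth2", "flow": ""},
        "api_key": {"type": "apiKey", "name": "X-API-Key", "in": "header"},
    },
}

if __name__ == "__main__":
    for scheme_name, problem in check_oauth2_flows(SAMPLE_SPEC):
        print(f"{scheme_name}: {problem}")
```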

For More Information