Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

oas3-operation-security-defined: Optional authentication not supported #892

Closed
m-mohr opened this issue Jan 7, 2020 · 1 comment · Fixed by #895
Closed

oas3-operation-security-defined: Optional authentication not supported #892

m-mohr opened this issue Jan 7, 2020 · 1 comment · Fixed by #895
Labels
t/bug Something isn't working

Comments

@m-mohr
Copy link
Contributor

m-mohr commented Jan 7, 2020

Describe the bug

The rule oas3-operation-security-defined complains that optional/no auth security as defined in the comment below is not part of the security schema:
OAI/OpenAPI-Specification#14 (comment)

Strictly speaking that is true, but not very helpful as you can't specify a "no auth" definition in the security schemas.

To Reproduce
Snippet for a security definition in a path:

      security:
        - {}
        - Bearer: []

The second line is the problem, the third line works as expected (as it's defined in the security schema:

  securitySchemes:
    Bearer:
      type: http
      scheme: bearer

Expected behavior
Either have an option for the rule to allow empty no auth security definitions or allow them always.

Environment (remove any that are not applicable):

  • Library version: 5.0.0
  • OS: Windows 10
@m-mohr m-mohr added the t/bug Something isn't working label Jan 7, 2020
@m-mohr m-mohr changed the title Optional authentication not supported by oas3-operation-security-defined oas3-operation-security-defined: Optional authentication not supported Jan 7, 2020
@m-mohr m-mohr mentioned this issue Jan 7, 2020
Merged
4 tasks
@m-mohr
Copy link
Contributor Author

m-mohr commented Jan 7, 2020

Here's a PR: #895

@P0lip P0lip closed this as completed in #895 Jan 9, 2020
P0lip added a commit that referenced this issue Jan 9, 2020
@m-mohr @P0lip
fix: support optional authentication for rule oas3-operation-security…
32af139 
…-defined (#895)

* Fixes #892: Support optional authentication for rule oas3-operation-security-defined

* Fixes #892: Adding a test

* Fixes #892: Update docs

* Made changes as requested in the PR review

* Apply suggestions from code review

Co-Authored-By: Jakub Rożek <jakub@rozek.tech>

Co-authored-by: Jakub Rożek <jakub@rozek.tech>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
t/bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: support optional authentication for rule oas3-operation-security-defined
1 participant
@m-mohr