Why I'm getting "OAuth Flow is missing defined scopes" problem if scopes are optional in oauth2? #527
Comments
|
I'll need to dig into the specification again to determine why a given validation rule is being triggered. It's certainly possible that there is simply a bug in the validators. Note that it's possible to enable/disable individual rules if you either think they aren't working properly or you simply don't care about them. |
|
OK I've investigated this and verified that it's a bug in the library. It turns out that our reader can't tell the difference between an empty map and a map with no items in it. The offending code is here: Combined with this: An empty map will result in no called to I'll fix the bug. :) |
EricWittmann
added
bug
|
Fixed in 98b4557 |
|
Thank you very much!
I saw you fixed it already. It will be available in an upcoming release?
(to date, the latest version is 1.1.26).
Kind regards.
El 14-11-22 a las 15:01, Eric Wittmann escribió:
…
OK I've investigated this and verified that it's a bug in the library.
It turns out that our reader can't tell the difference between an
empty map and a map with no items in it. The offending code is here:
https://github.com/Apicurio/apicurio-data-models/blob/main/src/main/java/io/apicurio/datamodels/core/io/DataModelReader.java#L409-L414
Combined with this:
https://github.com/Apicurio/apicurio-data-models/blob/main/src/main/java/io/apicurio/datamodels/core/models/common/OAuthFlow.java#L48-L53
An empty map will result in no called to |addScope|. Because the map
is lazily created, empty map and no-map look the same after the reader
is done.
I'll fix the bug. :)
—
Reply to this email directly, view it on GitHub
<#527 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHOU3RIBUSRMCH4X4TAD4LDWIJ5BBANCNFSM6AAAAAARETXVQU>.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
I will kick off a release right now! :) |
|
Thank you very much!
El 14-11-22 a las 15:16, Eric Wittmann escribió:
…
I will kick off a release right now! :)
—
Reply to this email directly, view it on GitHub
<#527 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHOU3RM3IXM7EQM56C3DVTDWIJ6ZBANCNFSM6AAAAAARETXVQU>.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Hi!
I'm using using Data Models to validate some API definitions. In any API with oauth2 authorization type I'm getting in the ValidationProblems list that issues found are "OAuth Flow is missing defined scopes", this one with medium severity.
For example, I have the following security schemes:
But this should be valid, however the validation returns that is not. I'm using the Apicurio Data Models library version 1.1.26 on Java, as far as I'm aware, 1.1.26 is compliant with OAS 3.0.2.
I'm using this code (I'm using the deprecated method because I couldn't find usage documentation about the new one):
the "problems" object comes with an element with the message "OAuth Flow is missing defined scopes" described.
So I need your help guys, anyone can help me if this is ok, please? or it's an issue? or I'm doing something wrong?
Thanks in advance.
The text was updated successfully, but these errors were encountered: