[ZEN-4778] Validation should allow empty scopes array in Security Requirement Object

RepreZen / KaiZen-OpenAPI-Editor

Eclipse Editor for the Swagger-OpenAPI Description Language

Eclipse Public License 1.0

115 stars 12 forks source link

[ZEN-4778] Validation should allow empty scopes array in Security Requirement Object #490

Closed nbhusare closed 5 years ago

nbhusare commented 5 years ago

The PR fixes the Validator to allow "empty scope arrays" in the Security Requirement Object for Security Schemes of type - oauth2 or openIdConnect.

In addition, for scheme of type oauth2, the validation checks if each scope in the array corresponds to a scope declared in one or more OAuth flows. Please note that this is NOT applicable to the scheme of type "openIdConnect".

048

tedepstein commented 5 years ago

@nbhusare , it looks like a whitespace formatting issue was introduced in commit d006279ac7be99c64f7a055d226cc75d743688b8, addressing issue #485 / ZEN-4779 - Wrong error issued with OpenID Connect security scheme. Also, it's a good idea to mention the relevant github and Jira issue(s) in the commit message, for easier cross-referencing.

Aside from these minor issues, code changes look fine. I'll QA test it in the API Studio PR.

tedepstein commented 5 years ago

@neerajbhusare , this passed QA, so I will go ahead and merge. It would be good to add automated tests for fixes like these, but I don't want to hold up progress for it. I'll make a note on the Jira issue that we should add tests before closing the issue.