SecureIdentityAlliance / osia

Open Standard set of APIs for interoperability of identity management building blocks.
https://osia.readthedocs.io/en/latest/

Using enrollment.yaml throws "scopes array must be empty for security type 'http'" #25

Closed xtrycatchx closed 1 year ago

xtrycatchx commented 4 years ago

Encountered an error when loading https://osia.readthedocs.io/en/latest/enrollment.yaml:

{
   "message":"scopes array must be empty for security type 'http'",
   "errors": [ {
      "path":"/v1/enrollments/{enrollmentId}",
      "message":"scopes array must be empty for security type 'http'"
   } ]
}

The scopes can be found when decoding my bearer token:

"scope": "profile email enroll.write"

I'm using the following to load the enrollment.yaml descriptor:

"express": "^4.17.1",
"express-openapi-validator": "^3.16.7",

And the snippet for loading it:

const express = require('express');
const path = require('path');
const bodyParser = require('body-parser');
const logger = require('morgan');
const http = require('http');
const OpenApiValidator = require('express-openapi-validator').OpenApiValidator;
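const app = express();

// Body parsers. Each parser skips a request whose body has already been
// parsed, so also registering express.json()/express.urlencoded() after these
// would be a no-op; every parser is registered exactly once.
// `extended` is passed explicitly: omitting it triggers body-parser's
// deprecation warning, and `true` is what the bare call falls back to.
app.use(bodyParser.urlencoded({ extended: true }));
app.use(bodyParser.text());
app.use(bodyParser.json());

// Request logging in morgan's 'dev' format.
app.use(logger('dev'));

// Static assets from ./public, resolved against this file's directory.
app.use(express.static(path.join(__dirname, 'public')));

// Absolute path to the OpenAPI document; it is also published under /spec.
const spec = path.join(__dirname, 'enrollment.yaml');
app.use('/spec', express.static(spec));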

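// Install request validation driven by the OpenAPI document, then register the
// route, the error handler and the HTTP listener once the validator is ready.
//
// The document is loaded through the absolute `spec` path so that start-up does
// not depend on the process's working directory.
//
// Only `apiSpec` is passed: no security handlers are configured, so nothing in
// this snippet verifies the bearer token or checks the scopes it carries. Token
// and scope checks have to be supplied separately (the library exposes a
// `validateSecurity` option for handlers; confirm its shape for the installed
// version) before the enrollment route is exposed.
//
// A security requirement that lists scopes for a scheme of type `http` is
// rejected by the validator with "scopes array must be empty for security type
// 'http'": OpenAPI 3.0 only allows scope names on `oauth2` and `openIdConnect`
// schemes.
const openApiValidator = new OpenApiValidator({ apiSpec: spec });
openApiValidator
    .install(app)
    .then(() => {
        app.post('/v1/enrollments/:enrollmentId', function (req, res, next) {
            // NOTE(review): debug output only. Enrollment payloads presumably
            // carry personal data; do not log full bodies outside local testing.
            console.log("params:", req.params)
            console.log("query:", req.query)
            console.log("body:", req.body)
            res.json({ enrollmentId: 1 });
        });

        // Error handler: validator errors carry `status` and/or `errors`;
        // anything else is treated as an unexpected failure and reported as 500.
        app.use((err, req, res, next) => {
            if (!err.status && !err.errors) {
                // NOTE(review): err.message of an unexpected error is returned
                // to the client and may reveal internal details.
                res.status(500).json({
                    errors: [
                        {
                            message: err.message,
                        },
                    ],
                });
                return;
            }
            // An error with `errors` but no `status` would otherwise reach
            // res.status(undefined); fall back to 500 in that case.
            res.status(err.status || 500).json({
                message: err.message,
                errors: err.errors,
            });
        });

        const server = http.createServer(app);
        server.listen(3000);
        console.log('Listening on port 3000');
    })
    .catch((err) => {
        // Without this handler a spec that fails to load leaves an unhandled
        // rejection and the reason for the failed start-up is easy to miss.
        console.error('Failed to install the OpenAPI validator:', err);
        process.exitCode = 1;
    });
module.exports = app;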
xtrycatchx commented 4 years ago

I might be wrong, but should the security tag be this:

security:
      - BearerAuth:
        - enroll.read

instead of

security:
        - BearerAuth: [enroll.read]
olivier-heurtier-sia commented 1 year ago

Could not reproduce.