YubicoLabs / passkey-workshop

Sample backend application to demonstrate a relying party that supports passkeys. This example includes examples of the java-webauthn-server library, helper classes, code examples, best practices, and API schemas.

Conform to OAS3 unconditionally to satisfy swagger #27

Open joostd opened 1 year ago

joostd commented 1 year ago

Swagger complains about errors in our OpenAPI 3.0 WebAuthn Schema:

Semantic error at paths./v1/user.delete.requestBody
DELETE operations cannot have a requestBody.
Semantic error at paths./v1/user/credentials.delete.requestBody
DELETE operations cannot have a requestBody.

Swagger seems to have started to raise errors to conform to OAS3. Their documentation states:

"GET, DELETE and HEAD are no longer allowed to have request body because it does not have defined semantics as per RFC 7231."

Although the OAS3 specs say:

"requestBody is permitted but does not have well-defined semantics and SHOULD be avoided if possible."

Do we need to change this in order to conform unconditionally?

dmennis commented 1 year ago

DELETE - /v1/user/credentials/{credentialId}
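
A check for the rule discussed in this thread, as an added example that is not part of the issue or the project's code: it walks an OpenAPI 3.0 document and reports every GET, DELETE or HEAD operation that declares a `requestBody`, using the same location notation as the Swagger errors quoted above. The `SPEC` fragment is constructed for illustration; only the three path names come from the thread, and the function name is hypothetical.

```python
# Added example: locate requestBody declarations that Swagger's OAS3 validation rejects.
# SPEC is a constructed fragment; only the path names are taken from the issue thread.

# Methods for which Swagger no longer accepts a request body.
BODYLESS_METHODS = ("get", "delete", "head")

_JSON_BODY = {"content": {"application/json": {"schema": {"type": "object"}}}}
_OK = {"200": {"description": "ok"}}

SPEC = {
    "openapi": "3.0.3",
    "paths": {
        # Identifier carried in the body: rejected by the validator.
        "/v1/user": {"delete": {"requestBody": _JSON_BODY, "responses": _OK}},
        "/v1/user/credentials": {"delete": {"requestBody": _JSON_BODY, "responses": _OK}},
        # Identifier carried in the path: no body needed.
        "/v1/user/credentials/{credentialId}": {
            "delete": {
                "parameters": [{
                    "name": "credentialId",
                    "in": "path",
                    "required": True,
                    "schema": {"type": "string"},
                }],
                "responses": _OK,
            }
        },
    },
}


def find_body_violations(spec):
    """Return sorted locations of requestBody on GET/DELETE/HEAD operations."""
    violations = []
    for path, item in spec.get("paths", {}).items():
        if not isinstance(item, dict):
            continue  # skip malformed path items instead of crashing
        for method in BODYLESS_METHODS:
            operation = item.get(method)
            if isinstance(operation, dict) and "requestBody" in operation:
                violations.append(f"paths.{path}.{method}.requestBody")
    return sorted(violations)


if __name__ == "__main__":
    for location in find_body_violations(SPEC):
        print(f"Semantic error at {location}")
```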