Should security object that was inlined in `server.security` be left as duplicate under `securitySchemes`

asyncapi / converter-js

Convert to or migrate between AsyncAPI versions with the converter

19 stars 21 forks source link

Should security object that was inlined in `server.security` be left as duplicate under `securitySchemes` #196

Open derberg opened 1 year ago

derberg commented 1 year ago

So here we have securituSchemes.supportedOauthFlows -> https://github.com/asyncapi/spec/blob/next-major-spec/examples/correlation-id.yml#L150 but it was already inlined in https://github.com/asyncapi/spec/blob/next-major-spec/examples/correlation-id.yml#L24

so we kinda duplicate info, imho securituSchemes.supportedOauthFlows should be removed by the converter.

also, why Security requirements that use scopes are defined in the appropriate places inline?

cc @magicmatatjahu @jonaslagoni

magicmatatjahu commented 1 year ago

@derberg

Security requirements that use scopes are defined in the appropriate places inline

Because in v3 security schemas for the oauth2 type has scopes field in the root level of security scheme object, so you cannot do something like:

security:
- $ref: "#/components/securitySchemes/oauth2"
  scopes: [...]

you need to define it as inline (everything). However about duplication, tbh I don't remember why I did that in this way, in 99% it can be erase, that 1% I left because maybe there is a case with referencing with external files.

derberg commented 1 year ago

external file you mean that some external file references that security scheme and that is why it should stay?