search

gregsdennis / Graeae

OpenAPI support powered by json-everything
MIT License
2 stars 1 forks source link

Deserializing OpenAPI "Petstore" sample definition fails #13

Closed bhaeussermann closed 1 hour ago

bhaeussermann commented 9 hours ago

When I try to deserialize the OpenAPI 3.1 Petstore sample definition from Swagger Editor as follows:

YamlSerializer.Deserialize<OpenApiDocument>(openApiDefinitionString);

this fails with the exception System.Text.Json.JsonException: `tokenUrl` is required for oauth flow object

I went ahead and attempted to check whether the spec satisfies the schema using JsonSchema.Net. For this I converted the spec to JSON using Swagger Editor and removed all the irrelevant parts which left me with

{
  "openapi": "3.1.0",
  "info": {
    "title": "Swagger Petstore - OpenAPI 3.1",
    "version": "1.0.11"
  },
  "servers": [
    {
      "url": "https://petstore3.swagger.io/api/v3"
    }
  ],
  "paths": {},
  "components": {
    "schemas": {},
    "securitySchemes": {
      "petstore_auth": {
        "type": "oauth2",
        "flows": {
          "implicit": {
            "authorizationUrl": "https://petstore3.swagger.io/oauth/authorize",
            "scopes": {
              "write:pets": "modify pets in your account",
              "read:pets": "read your pets"
            }
          }
        }
      },
      "api_key": {
        "type": "apiKey",
        "name": "api_key",
        "in": "header"
      }
    }
  }
}

(This still yields the same error in Graeae).

When I validate the spec against the Open API 3.1 schema using JsonSchema.Net:

using System.Text.Json.Nodes;
using Json.Schema;

Json.Schema.OpenApi.Vocabularies.Register();
SchemaRegistry.Global.Register(Json.Schema.OpenApi.MetaSchemas.OpenApiDialect);
SchemaRegistry.Global.Register(Json.Schema.OpenApi.MetaSchemas.DocumentSchema);

var openApiSchema = JsonSchema.FromFile("OpenAPI-3.1-Schema.json");

using var definitionStream = File.OpenRead("petstore.json");
var jsonNode = JsonNode.Parse(definitionStream);
var evaluationResults = openApiSchema.Evaluate(jsonNode);

if (!evaluationResults.IsValid)
{
    Console.WriteLine("Validation Failed!");
}

the validation passes.

I need to use Graeae for the validation as the program needs to be able to validate OpenAPI 3.0 schemas as well and this doesn't work with JsonSchema.Net.

gregsdennis commented 4 hours ago

https://spec.openapis.org/oas/latest.html#fixed-fields-25

https://github.com/OAI/OpenAPI-Specification/blob/main/schemas%2Fv3.1%2Fschema.yaml#L847

The schema doesn't appear to require the field for the implicit grant.

The spec says it's required but doesn't apply to implicit.

Will look into updating.

Thanks for the report.