Describe the bug
The oas3-operation-security-defined rule fires even though the referenced securityScheme contains the referenced scopes.
To Reproduce
Given attached fdxapi.tax.fails.yaml OpenAPI document which references securitySchemes in attached fdxapi.components.test.yaml OpenAPI document
Run the spectral:oas ruleset
Which returns error:
36:15 warning oas3-operation-security-defined "fdx:customerpersonal:read" must be listed among scopes. paths./tax-forms.get.security[0].OAuthFapi1Advanced[0]
Given attached fdxapi.tax.passes.yaml OpenAPI document which includes the full securitySchemes definition copied exactly from fdxapi.components.test.yaml
Run the spectral:oas ruleset
Which succeeds without firing the rule
Expected behavior
The original rule failure should not occur, since the referenced scope fdx:customerpersonal:read is defined in the referenced file's securitySchemes.
Environment (remove any that are not applicable):
OAS version: 3.1.0
Spectral version: 6.11.1
OS: Linux (BitBucket pipeline) and Windows 11 (Spectral CLI)
fdxapi.components.test.yaml.txt fdxapi.tax.fails.yaml.txt fdxapi.tax.passes.yaml.txt
Describe the bug The oas3-operation-security-defined rule fires even though the referenced securityScheme contains the referenced scopes.
To Reproduce
fdxapi.tax.fails.yamlOpenAPI document which references securitySchemes in attachedfdxapi.components.test.yamlOpenAPI documentfdxapi.tax.passes.yamlOpenAPI document which includes the full securitySchemes definition copied exactly fromfdxapi.components.test.yamlExpected behavior The original rule failure should not occur, since the referenced scope
fdx:customerpersonal:readis defined in the referenced file's securitySchemes.Environment (remove any that are not applicable):