Closed nicholi closed 5 months ago
I think I already found the answer examining the schema format you validate against: https://github.com/swagger-api/validator-badge/blob/master/src/main/resources/schema3-fix-format-uri-reference.json
If type: http
is chosen the fields in
and name
cannot be used because they will confuse the schema validator about what type of securitySchema object is being referenced. My intention was to use HTTPSecurityScheme
. Simplest answer seems to be do not specify in: header
and name: Authorization
. These would be implied anyways under the HTTP scheme, I just did not think explicitly specifying them would cause problems.
Sample OAS 3.0 yaml tested with https://validator.swagger.io/validator/debug?url=
It seems as soon as the
name
orin
properties are specified in the security scheme object, validation fails. Output:From the OpenAPI 3.0 spec these definitely shouldn't cause validation errors, and from the spec at least they are assumed to be REQUIRED. https://swagger.io/specification/#security-scheme-object Is there something I am missing in defining the scuritySchemes object?