[ZEN-4778] Validation should allow empty scopes array in Security Requirement Object #490
Conversation
… contains values if the secutiry-scheme-type is of type oauth2 or openIdConnect
…urity requirement object corresponds to a scope declared in one or more OAuth flows
| } | ||
| } | ||
| } | ||
| } else { |
There was a problem hiding this comment.
@nbhusare , did something happen with formatting here? Indentation looks like it changed.
|
@nbhusare , it looks like a whitespace formatting issue was introduced in commit d006279, addressing issue #485 / ZEN-4779 - Wrong error issued with OpenID Connect security scheme. Also, it's a good idea to mention the relevant github and Jira issue(s) in the commit message, for easier cross-referencing. Aside from these minor issues, code changes look fine. I'll QA test it in the API Studio PR. |
|
@neerajbhusare , this passed QA, so I will go ahead and merge. It would be good to add automated tests for fixes like these, but I don't want to hold up progress for it. I'll make a note on the Jira issue that we should add tests before closing the issue. |
The PR fixes the Validator to allow "empty scope arrays" in the Security Requirement Object for Security Schemes of type - oauth2 or openIdConnect.
In addition, for scheme of type oauth2, the validation checks if each scope in the array corresponds to a scope declared in one or more OAuth flows. Please note that this is NOT applicable to the scheme of type "openIdConnect".