
Unclear portion of openIdConnectUrl for openIdConnect securitySchema

Open shiup opened this issue 2 years ago • 3 comments

https://spec.openapis.org/oas/v3.1.0

Security Scheme Object
Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06).

The link above points to OAuth discovery.

Does it apply to the openIdConnectUrl for openIdConnect securitySchema? Should the openIdConnectUrl be driven by https://openid.net/specs/openid-connect-discovery-1_0.html?

Please help clarify, thanks

shiup, Jan 27 '23 22:01

This just seems like a bug where the link is wrong. If the link for openIdConnect did not point to OAuth would this otherwise be clear?

handrews, Jan 27 '24 20:01

I think the link should be replaced

Security Scheme Object
Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html).

AxelNennker, Feb 19 '24 16:02

@AxelNennker if you'd like to submit a PR that would be welcome! It would need to start on the v3.0.4-dev branch, on the versions/3.0.4.md file. Then it will get propagated to 3.1.1 and 3.2.0.

handrews, Feb 19 '24 18:02

I think the only thing left to do here is to forward-port the change to v3.1.1 and v3.2.0, correct?

handrews, May 23 '24 00:05

Yes

AxelNennker, May 23 '24 07:05

@AxelNennker @shilpa-padgaonkar: In 3.1.1 it looks like the draft IETF RFC you replaced was already replaced by RFC 8414. Is it still appropriate to replace 8414 with what you did in 3.0.4? (I'm guessing yes, but I was just going to blind-port the commit and don't have the slightest clue how any of this stuff works or time to learn it right now)

handrews, May 23 '24 22:05

I think I would have the 3.1.1 text in all versions:

openIdConnectUrl string openIdConnect REQUIRED. Well-known URL to discover the OpenID provider metadata.

AxelNennker, May 24 '24 07:05

@AxelNennker ah, that change was PR #3718, and thanks for reminding me because it needs to be backported to 3.0.4. I was asking about PR #3607 for this issue.

handrews, Jun 03 '24 18:06

Yes, https://github.com/OAI/OpenAPI-Specification/pull/3607 should be in all versions since openIdConnectUrl was introduced to OAI

AxelNennker, Jun 04 '24 07:06

PRs merged for 3.0.4, 3.1.1, and 3.2.0!

handrews, Jun 21 '24 14:06
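
The distinction this thread settles can be checked mechanically. The following is an added example, not part of the issue thread or of the OpenAPI project's code: a small lint over an OpenAPI document that flags `openIdConnect` security schemes whose `openIdConnectUrl` is not an OpenID Connect Discovery URL, including the RFC 8414 path it was confused with. The function names, the sample document and the `idp.example.com` host are assumptions made for illustration, and treating the `/.well-known/openid-configuration` suffix as mandatory is this example's reading of "Well-known URL".

```python
from urllib.parse import urlsplit

# OpenID Connect Discovery 1.0: metadata lives at <issuer>/.well-known/openid-configuration
OIDC_SUFFIX = "/.well-known/openid-configuration"
# RFC 8414 default well-known path for OAuth 2.0 authorization server metadata
RFC8414_SEGMENT = "/.well-known/oauth-authorization-server"

def check_openid_connect_url(url):
    """Return findings for one openIdConnectUrl value (empty list means OK)."""
    if not isinstance(url, str) or not url:
        return ["openIdConnectUrl is REQUIRED for type openIdConnect"]
    findings = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        findings.append("not https: provider metadata could be altered in transit")
    if not parts.netloc:
        findings.append("no host in URL")
    if RFC8414_SEGMENT in parts.path:
        findings.append("RFC 8414 OAuth metadata path, not OpenID Connect Discovery")
    elif not parts.path.endswith(OIDC_SUFFIX):
        findings.append("path does not end with " + OIDC_SUFFIX)
    return findings

def lint_document(doc):
    """Map scheme name -> findings for every openIdConnect security scheme."""
    schemes = doc.get("components", {}).get("securitySchemes", {})
    report = {}
    for name, scheme in schemes.items():
        # Skips other scheme types and Reference Objects ($ref has no "type")
        if isinstance(scheme, dict) and scheme.get("type") == "openIdConnect":
            report[name] = check_openid_connect_url(scheme.get("openIdConnectUrl"))
    return report

# Constructed sample document; scheme names and hosts are placeholders.
SAMPLE = {"openapi": "3.1.0", "components": {"securitySchemes": {
    "good": {"type": "openIdConnect",
             "openIdConnectUrl": "https://idp.example.com/.well-known/openid-configuration"},
    "oauth_meta": {"type": "openIdConnect",
                   "openIdConnectUrl": "https://idp.example.com/.well-known/oauth-authorization-server"},
    "plain_http": {"type": "openIdConnect",
                   "openIdConnectUrl": "http://idp.example.com/tenant/.well-known/openid-configuration"},
    "missing": {"type": "openIdConnect"},
    "key": {"type": "apiKey", "name": "X-Key", "in": "header"},
}}}

if __name__ == "__main__":
    for name, findings in lint_document(SAMPLE).items():
        print(name, "->", findings or "OK")
```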