OpenAPI-Specification
The OpenAPI Specification Repository
## Issue Description
During a recent discussion in https://github.com/OAI/OpenAPI-Specification/discussions/2867, it became apparent that the OpenAPI Specification lacks explicit guidelines on how clients should present access tokens to resource servers, especially...
[Current spec](https://spec.openapis.org/oas/latest.html#fixed-fields-23) definition allows `implicit`, `password`, `clientCredentials`, and `authorizationCode` for oauth2 flows. This request is to include [tokenExchange](https://www.rfc-editor.org/rfc/rfc8693) in the list of grant types/flows.
## Weekly meetings happen on Thursdays at 9am - 10am Pacific
This agenda gives visibility into discussion topics for the weekly Technical Developer Community (TDC) meetings. Sharing agenda items in...
To facilitate the option of media-type versioning, it would be helpful to version at the path:method level. Here is the gist of my proposal: **move version from root level to...
Can you use OAuth Flows Object to support OpenID connect hybrid flow? https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.3.md#oauthFlowObject Preventing Mix-Up Attacks with OpenID Connect https://openid.net/2016/07/16/preventing-mix-up-attacks-with-openid-connect/
#14 Issue 14 was closed with the understanding that the spec would be fixed to allow a null Security Requirement (indicating that anonymous is allowed). However, 3.0.1 still says that...
## The proposal
A `LifeCycle` object to describe the API lifecycle, eg:
```
info:
  lifecycle:
    maturity: published # or deprecated, retired, ...
    published_at: 2019-01-01
    deprecated_at: 2022-01-01
    retired_at: 2022-06-01
```
Data...
Idempotency keys (AKA Idempotent keys) is a pattern used to prevent duplicate requests by allowing the consumer of a service to send a value that represents the uniqueness of a...
Add optional field to the Operation object to indicate initial version containing the implementation
I would love to add a version-related field to the Operation object (so per HTTP method of an Endpoint) that indicates the first version of the API that shipped with...
It is possible to define a security scheme as
```
QueryKey:
  type: apiKey
  in: query
  name: myparam
```
corresponding to
```
parameters:
  - name: myparam
    in: query
    required: true
```
...