Validate that Security Requirements are Defined
User story.
As an API designer, when I define a security requirement at the top-level, or for an operation, then I want it to be defined in the securitySchemes components.
Is your feature request related to a problem?
According to the OAS for security requirement objects:
> The name used for each property MUST correspond to a security scheme declared in the Security Schemes under the Components Object.

However, spectral raises no errors for the following OpenAPI doc:
```yaml
openapi: 3.0.2
info:
  title: Foo API
  version: 0.0.0
security:
  - foobar: [] # undefined and therefore invalid
paths: {}
```
Describe the solution you'd like
I would like spectral to validate that all declared security requirements are defined as per the OAS requirement.
Any news on that?
I stubbed a custom function implementation based on the current oasOpSecurityDefined https://github.com/italia/api-oas-checker/pull/482/files#diff-02327926eb1e6d9b33c3d62bd55da90506c59ad3f913f7431785468be07bd713
Does it make sense to you to add something like this in spectral? It is probably an easy feature to add...
@ioggstream Definitely seems like the base/default spectral rules should account for the core OAS.
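The check requested in this issue, as an added example that is not part of the thread and is not Spectral's or api-oas-checker's code: a standalone function that reports every security requirement name, top-level or per operation, that is missing from components.securitySchemes. The function name, the finding shape and the sample document (the issue's document extended with a constructed `/pets` path and `apiKey` scheme) are assumptions made for illustration.

```javascript
// Added example: standalone check, not Spectral's or api-oas-checker's code.
const HTTP_METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch', 'trace'];

// Returns one finding per security requirement name that is not declared
// under components.securitySchemes (OpenAPI 3.x document as a plain object).
function findUndefinedSecurityRequirements(doc) {
  doc = doc || {};
  const declared = new Set(Object.keys((doc.components && doc.components.securitySchemes) || {}));
  const findings = [];
  const check = (requirements, path) => {
    if (!Array.isArray(requirements)) return;
    requirements.forEach((requirement, index) => {
      // An empty requirement object {} has no names, so nothing is reported for it.
      for (const name of Object.keys(requirement || {})) {
        if (!declared.has(name)) {
          findings.push({
            path: [...path, index, name],
            message: `Security requirement "${name}" is not declared in components.securitySchemes`,
          });
        }
      }
    });
  };

  check(doc.security, ['security']); // top-level requirements
  for (const [route, item] of Object.entries(doc.paths || {})) {
    for (const method of HTTP_METHODS) {
      const operation = item && item[method];
      if (operation) check(operation.security, ['paths', route, method, 'security']);
    }
  }
  return findings;
}

// Constructed sample: the document from the issue, extended with one path.
const sampleDoc = {
  openapi: '3.0.2',
  info: { title: 'Foo API', version: '0.0.0' },
  security: [{ foobar: [] }], // undefined scheme, as in the issue
  components: { securitySchemes: { apiKey: { type: 'apiKey', in: 'header', name: 'X-API-Key' } } },
  paths: {
    '/pets': {
      get: { security: [{ apiKey: [] }, {}], responses: {} },
      post: { security: [{ apiKey: [], oauth: ['write'] }], responses: {} },
    },
  },
};

console.log(findUndefinedSecurityRequirements(sampleDoc));
```

An undeclared name is worth failing a lint run on: the operation looks protected in the document while no scheme actually backs the requirement.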