
Validate that Security Requirements are Defined

Open dillonredding opened this issue 4 years ago • 3 comments

User story. As an API designer, when I define a security requirement at the top-level, or for an operation, then I want it to be defined in the securitySchemes components.

Is your feature request related to a problem? According to the OAS for security requirement objects:

The name used for each property MUST correspond to a security scheme declared in the Security Schemes under the Components Object.

However, spectral raises no errors for the following OpenAPI doc:

openapi: 3.0.2
info:
  title: Foo API
  version: 0.0.0
security:
  - foobar: [] # undefined and therefore invalid
paths: {}

Describe the solution you'd like. I would like spectral to validate that all declared security requirements are defined as per the OAS requirement.

dillonredding, Apr 13 '20 23:04

Any news on that?

ioggstream, Jan 11 '22 17:01

I stubbed a custom function implementation based on the current oasOpSecurityDefined https://github.com/italia/api-oas-checker/pull/482/files#diff-02327926eb1e6d9b33c3d62bd55da90506c59ad3f913f7431785468be07bd713

Does it make sense to you to add something like this in spectral? It is probably an easy feature to add...

ioggstream, Jan 12 '22 09:01

@ioggstream Definitely seems like the base/default spectral rules should account for the core OAS.

dillonredding, Jan 19 '22 15:01
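
The check requested in this issue, sketched as an added example (not Spectral's code and not the code from the linked pull request): a standalone function over an already-parsed OpenAPI 3.x document that reports every security requirement name, top-level or per operation, that is missing from components.securitySchemes. The function name `findUndefinedSecuritySchemes` and the sample document, which extends the issue's YAML, are constructed for illustration.

```javascript
// Added example, not Spectral's implementation. Input: a parsed OpenAPI 3.x document.
const HTTP_METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch', 'trace'];

function findUndefinedSecuritySchemes(doc) {
  const defined = new Set(Object.keys(doc.components?.securitySchemes ?? {}));
  const results = [];

  // `security` is an array of Security Requirement Objects; each property
  // name in each object must match a declared scheme. An empty object ({})
  // is valid in OAS 3 (anonymous access) and produces no finding.
  const check = (security, path) => {
    if (!Array.isArray(security)) return;
    security.forEach((requirement, index) => {
      for (const name of Object.keys(requirement ?? {})) {
        if (!defined.has(name)) {
          results.push({
            message: `Security scheme "${name}" is not declared in components.securitySchemes`,
            path: [...path, index, name],
          });
        }
      }
    });
  };

  check(doc.security, ['security']); // top-level requirements
  for (const [route, item] of Object.entries(doc.paths ?? {})) {
    for (const method of HTTP_METHODS) {
      const operation = item?.[method];
      if (operation) check(operation.security, ['paths', route, method, 'security']);
    }
  }
  return results;
}

// Constructed sample: the issue's document plus one declared scheme and two operations.
const sampleDoc = {
  openapi: '3.0.2',
  info: { title: 'Foo API', version: '0.0.0' },
  security: [{ foobar: [] }], // undefined, as in the issue
  components: { securitySchemes: { apiKey: { type: 'apiKey', in: 'header', name: 'X-API-Key' } } },
  paths: {
    '/items': {
      get: { security: [{ apiKey: [] }, {}], responses: {} },     // defined + anonymous
      post: { security: [{ oauth: ['write'] }], responses: {} },  // undefined
    },
  },
};

for (const r of findUndefinedSecuritySchemes(sampleDoc)) console.log(r.path.join('.'), '-', r.message);
```

Each result carries a message and a path into the document, so a finding points at the exact requirement entry rather than at the whole `security` array.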