security-scheme-attributes does not account for relative URLs
Closed this issue ยท 3 comments
Using the example from the swagger docs for Relative URLs
openapi: 3.0.0
servers:
- url: https://api.example.com
- url: https://sandbox-api.example.com
# Relative URLs to OAuth2 authorization and token URLs
components:
securitySchemes:
oauth2:
type: oauth2
flows:
authorizationCode:
authorizationUrl: /oauth/dialog
tokenUrl: /oauth/token
the validator produces the error messages
Message : security scheme 'authorizationUrl' property must be a valid URL
Rule : security-scheme-attributes
Path : components.securitySchemes.oauth2.flows.authorizationCode.authorizationUrl
Line : 12
Message : security scheme 'tokenUrl' property must be a valid URL
Rule : security-scheme-attributes
Path : components.securitySchemes.oauth2.flows.authorizationCode.tokenUrl
Line : 13
But I believe this should be valid because, according to the OpenAPI 3 spec:
Unless specified otherwise, all properties that are URLs MAY be relative references as defined by RFC3986. Relative references are resolved using the URLs defined in the Server Object as a Base URI.
and in this example the authorizationUrl
and tokenUrl
prepended with the servers.url
paths are valid URLs.
@rparini-intellegens You're right - the current rule doesn't account for this scenario and it does appear to be valid according to the spec. We'll need to fix the rule to support this
๐ This issue has been resolved in version 0.33.1 ๐
The release is available on npm package (@latest dist-tag)
Your semantic-release bot ๐ฆ๐
๐ This issue has been resolved in version 0.84.1 ๐
The release is available on npm package (@latest dist-tag)
Your semantic-release bot ๐ฆ๐