OAS 3.0.1: apiKey security scheme has incomprehensible validation errors #1672
Description
| Q | A |
|---|---|
| Bug or feature request? | Bug |
| Which Swagger/OpenAPI version? | 3.0.1 |
| Which Swagger-Editor version? | 3.2.9 |
| How did you install Swagger-Editor? | yarn |
| Which broswer & version? | Chrome latest |
| Which operating system? | Fedora 27 |
Demonstration API definition
---
openapi: 3.0.1
info:
title: Test
version: 1.0.0
paths: {}
components:
schemas: {}
securitySchemes:
headerFoo:
type: apiKey
in: header
links: {}
callbacks: {}
Configuration (browser query string, constructor, config.yaml)
Completely stock
Expected Behavior
I expected it to squawk that headerFoo lacked a name parameter.
Current Behavior
Schema error at components.securitySchemes['headerFoo']
should NOT have additional properties
additionalProperty: in
Schema error at components.securitySchemes['headerFoo'].type
should be equal to one of the allowed values
allowedValues: http, oauth2, openIdConnect
This is weird, because it explicitly enumerates the valid types for this...and omits apiKey. If I fix the scheme def, it's fine:
headerFoo:
type: apiKey
name: bob
in: headerContext
I'm writing an OpenAPI-first web framework for Ruby/Rack, called Modern. As I build my OpenAPI spec generator, I keep occasionally testing against the editor (because the only Ruby OAPI gem I can find is incomplete and I haven't extended my test pipeline to automate the use of swagger-js) and this one made me go "buh?".