Unclear portion of openIdConnectUrl for openIdConnect securitySchema #3152

Open
shiup opened this issue Jan 27, 2023 · 3 comments
Labels: bug, security: auth (Authentication including overlap with authorization), security

shiup commented Jan 27, 2023

https://spec.openapis.org/oas/v3.1.0

Security Scheme Object
Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://tools.ietf.org/html/draft-ietf-oauth-discovery-06).

The link above points to OAuth discovery.

Does it apply to the openIdConnectUrl for openIdConnect securitySchema? Should the openIdConnectUrl be driven by https://openid.net/specs/openid-connect-discovery-1_0.html?

Please help clarify, thanks

@handrews
Contributor

This just seems like a bug where the link is wrong. If the link for openIdConnect did not point to OAuth would this otherwise be clear?

handrews added the security: auth (Authentication including overlap with authorization) label Feb 1, 2024

@AxelNennker
Contributor

I think the link should be replaced

Security Scheme Object
Defines a security scheme that can be used by the operations. Supported schemes are HTTP authentication, an API key (either as a header, a cookie parameter or as a query parameter), OAuth2's common flows (implicit, password, client credentials and authorization code) as defined in [RFC6749](https://tools.ietf.org/html/rfc6749), and [OpenID Connect Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html).

@handrews
Contributor

@AxelNennker if you'd like to submit a PR that would be welcome! It would need to start on the v3.0.4-dev branch, on the versions/3.0.4.md file. Then it will get propagated to 3.1.1 and 3.2.0.
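
As an added example (not part of the thread and not OpenAPI project code), the code below lints an OpenAPI document for the mix-up this issue describes: an `openIdConnect` scheme whose `openIdConnectUrl` is not an OpenID Connect Discovery document URL. The function name, finding codes and sample hosts are assumptions of this example, and treating the `/.well-known/openid-configuration` suffix as required is this example's policy, not wording from the OpenAPI specification.

```python
from urllib.parse import urlsplit

# Well-known paths of the two discovery mechanisms the issue contrasts.
OIDC_SUFFIX = "/.well-known/openid-configuration"        # OpenID Connect Discovery 1.0
OAUTH_PREFIX = "/.well-known/oauth-authorization-server"  # RFC 8414 (OAuth 2.0 metadata)


def check_openid_connect_schemes(spec):
    """Return (scheme_name, finding_code) pairs; codes are this example's own."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for name, scheme in schemes.items():
        if not isinstance(scheme, dict) or scheme.get("type") != "openIdConnect":
            continue  # other scheme types and $ref entries are out of scope here
        url = scheme.get("openIdConnectUrl")
        if not isinstance(url, str) or not url.strip():
            findings.append((name, "missing-url"))
            continue
        parts = urlsplit(url.strip())
        if parts.scheme != "https" or not parts.netloc:
            findings.append((name, "not-absolute-https"))
        path = parts.path.rstrip("/")
        if path.startswith(OAUTH_PREFIX):
            # RFC 8414 puts its well-known segment right after the host.
            findings.append((name, "oauth-metadata-not-oidc"))
        elif not path.endswith(OIDC_SUFFIX):
            # OIDC Discovery appends its segment to the issuer, so match the suffix.
            findings.append((name, "not-oidc-discovery"))
    return findings


# Constructed sample document; idp.example.com is a placeholder host.
SAMPLE_SPEC = {"components": {"securitySchemes": {
    "oidcOk": {"type": "openIdConnect", "openIdConnectUrl":
               "https://idp.example.com/tenant1/.well-known/openid-configuration"},
    "oauthMeta": {"type": "openIdConnect", "openIdConnectUrl":
                  "https://idp.example.com/.well-known/oauth-authorization-server"},
    "plainHttp": {"type": "openIdConnect", "openIdConnectUrl":
                  "http://idp.example.com/.well-known/openid-configuration"},
    "noUrl": {"type": "openIdConnect"},
    "apiKey": {"type": "apiKey", "name": "X-API-Key", "in": "header"},
}}}

if __name__ == "__main__":
    for name, code in check_openid_connect_schemes(SAMPLE_SPEC):
        print(f"{name}: {code}")
```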
