Fix linting errors in OAS files. #334
Conversation
msporny
requested review from
brianorwhatever,
dlongley,
dmitrizagidulin and
PatStLouis
components/SecuritySchemes.yml
Outdated
| authorizationUrl: /oauth2/authorize | ||
| tokenUrl: /oauth2/token | ||
| scopes: | ||
| read: Grants read access | ||
| write: Grants write access |
There was a problem hiding this comment.
| authorizationUrl: /oauth2/authorize | |
| tokenUrl: /oauth2/token | |
| scopes: | |
| read: Grants read access | |
| write: Grants write access | |
| authorizationUrl: /TBD | |
| tokenUrl: /TBD | |
| scopes: | |
| TBD: There are currently no scopes defined. |
There was a problem hiding this comment.
This has been removed in commit f2c17c0, and is ultimately up to the instance to define.
components/SecuritySchemes.yml
Outdated
| oAuth2: | ||
| type: oauth2 | ||
| flows: | ||
| authorizationCode: |
There was a problem hiding this comment.
You don't have to use authorizationCode -- need to figure out how to say "this is up to implementers".
There was a problem hiding this comment.
This has been removed in commit f2c17c0 and is up to the instance to define.
components/SecuritySchemes.yml
Outdated
| paths: | ||
| components: | ||
| securitySchemes: | ||
| noAuth: |
There was a problem hiding this comment.
| noAuth: | |
| networkAuth: |
There was a problem hiding this comment.
As noted on call, we understand the scope of this PR is to fix lint errors (we never want to compromise about dev tools not being broken), but we will update in future PRs to correctly make sure we don't unintentionally rule out use cases for "no authorization (header) required", "I enforce access to this endpoint with a firewall" or "some other secret auth method".
There was a problem hiding this comment.
This has been fixed in f2c17c0.
msporny
requested review from
peacekeeper,
mavarley and
mkhraisha
as code owners
There was a problem hiding this comment.
We should rename oauth2 to oauth2-vcapi so that we can only define the parts we know we can define at this time. There were some requirements when using oauth2 that weren't really ready to set, so if we invent a name for now as a placeholder we can just do the parts we have consensus on / know what we're doing.
msporny
force-pushed
the
msporny-fix-linting-errors
branch
from
88a58b8
to
eeb2226
Compare
I was able to update it to just |
|
Discussed on the 2023-03-21 call. Normative, multiple reviews, changes requested and made, no objections, merging. |
This PR fixes linting errors in the OAS files. OAS linting requires that every endpoint define security properties and at least one server endpoint. Reviewers should pay specific attention to this PR because it does add authorization mechanisms available on each endpoint, including noAuth, didAuth, oAuth2, and zCap (since the current set of implementers support at least one of those mechanisms, if not multiple). Setting this PR to draft so we can discuss.
The intent of this PR is NOT to establish the correct authz mechanisms for each endpoint, that will be done in a future PR. The goal here is to get "close enough" and then fine tune the authz mechanisms in a future PR. Do not take the authz mechanisms provided as anything more than a work in progress at this point in time.