Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Relative URL for openIdConnectUrl fails validation #60

Closed
1 task done
jblazek opened this issue Mar 23, 2018 · 6 comments
Closed
1 task done

Relative URL for openIdConnectUrl fails validation #60

jblazek opened this issue Mar 23, 2018 · 6 comments
Labels
bug

Comments

@jblazek
Copy link

jblazek commented Mar 23, 2018
edited
Loading

Checklist

  • Validation: I believe my source definition is valid OpenAPI 3.0.x but the validator complains

Detailed Description

When using a relative URL in the openIdConnectUrl field, validation fails. When using an absolute URL, validation passes.

Sample gist

According to the spec, relative URLs are allowed. I did not try other URLs, but it's possible this issue exists for other properties.

I opened this similar issue in swagger-editor, but it seems like they are using this engine for validation, so I think the underlying issue may be with the validator in this project.

swagger-api/swagger-editor#1709

I can close this related issue if that project does depend on this one.

Other stuff

I found out about this project through the openapi.tools website. Using Validation engine v2.11.5 (hosted)
@MikeRalphson
Copy link
Contributor

Thanks for raising the issue and including an example.

The problem was actually in the OAS draft schema (which the validator uses as a fallback).

The openIdConnectUrl was defined as:

                 },
                 "openIdConnectUrl": {
                    "type": "string",
                    "format": "url"
                 },

When it should have been format: uriref.

This explains the similar behaviour of swagger-editor / swagger-ui - they are presumably using the same schema to drive validation, though I believe they are not using this project's (hand written) validator.

We are waiting on a dependency to come out of beta before cutting a new release, but if your requirement is urgent I can go back to the 2.11.x branch and make a patch. Please let me know.

@jblazek
Copy link
Author

jblazek commented Mar 23, 2018

This is not urgent for me, I can possibly use an absolute URL for now, or just wait until it is fixed to switch from my current security scheme to openIdConnect.

You mentioned the 'OAS draft schema', where is that located?

@MikeRalphson
Copy link
Contributor

OAI/OpenAPI-Specification#1270

@jblazek
Copy link
Author

jblazek commented Mar 23, 2018

I looked at that PR, and it looks like this comment also called out the format mismatch, but must have been missed.

OAI/OpenAPI-Specification#1270 (comment)

@MikeRalphson
Copy link
Contributor

Yes, with the PR still being a work-in-progress, not all of the comments have been incorporated yet. In addition, the schema here has a bunch of descriptions ported over from OAI/OpenAPI-Specification#1236

@MikeRalphson
Copy link
Contributor

The fix to the schema has been included in swagger2openapi v3.0.x. Thanks for your patience.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MikeRalphson @jblazek