Skip to content

Security definition documentation updates #818

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 11 commits into from
Nov 18, 2016
Merged

Security definition documentation updates #818

merged 11 commits into from
Nov 18, 2016

Conversation

darrelmiller
Copy link
Member

No description provided.

@darrelmiller
Some fixes to the security definition object
31ffe11 
Corrected RFC reference.
Clarified that URLs can be relative.
Fixed basic auth example.
@darrelmiller
Update to description of bearerFormat property
bd4d7b1
@fehguy
Copy link
Contributor

fehguy commented Oct 24, 2016

@darrelmiller looks good to me!

DavidBiesack
DavidBiesack reviewed Oct 24, 2016
View reviewed changes
Copy link
Contributor

@DavidBiesack DavidBiesack left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good but I have some minor formatting/phrasing suggestions.

versions/3.0.md
<a name="securitySchemeScheme"></a>scheme | `string` | `http` | **Required.** The name of the HTTP Authorization scheme to be used in the Authorization header as per RFC 7234.
<a name="securitySchemeBearerFormat"></a>bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token should be formatted.
<a name="securitySchemeOpenIdConnectUrl"></a>openIdConnectUrl | `string` | `openIdConnect` | **Required.** OpenId Connect URL to discover OAuth2 configuration values.
<a name="securitySchemeScheme"></a>scheme | `string` | `http` | **Required.** The name of the HTTP Authorization scheme to be used in the Authorization header as per [RFC 7235](https://tools.ietf.org/html/rfc7235).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

or link to the section:
the [Authorization header of RFC 7235](https://tools.ietf.org/html/rfc7235#section-4.2)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

versions/3.0.md
<a name="securitySchemeFlow"></a>flow | `string` | `oauth2` | **Required.** The flow used by the OAuth2 security scheme. Valid values are `"implicit"`, `"password"`, `"application"` or `"accessCode"`.
<a name="securitySchemeAuthorizationUrl"></a>authorizationUrl | `string` | `oauth2` (`"implicit"`, `"accessCode"`) | **Required.** The authorization URL to be used for this flow. This SHOULD be in the form of a URL.
<a name="securitySchemeTokenUrl"></a>tokenUrl | `string` | `oauth2` (`"password"`, `"application"`, `"accessCode"`) | **Required.** The token URL to be used for this flow. This SHOULD be in the form of a URL.
<a name="securitySchemeAuthorizationUrl"></a>authorizationUrl | `string` | `oauth2` (`"implicit"`, `"accessCode"`) | **Required.** The authorization URL to be used for this flow. This SHOULD be in the form of a URL. Url may be relative to location of OpenAPI document.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reads a little awkward an uses Url as a work, not an acronym. I suggest either
"The authorizationUrl..." or "The URL..."

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed the bit about relative URLs. Going to try and handle it globally.

versions/3.0.md
<a name="securitySchemeAuthorizationUrl"></a>authorizationUrl | `string` | `oauth2` (`"implicit"`, `"accessCode"`) | **Required.** The authorization URL to be used for this flow. This SHOULD be in the form of a URL.
<a name="securitySchemeTokenUrl"></a>tokenUrl | `string` | `oauth2` (`"password"`, `"application"`, `"accessCode"`) | **Required.** The token URL to be used for this flow. This SHOULD be in the form of a URL.
<a name="securitySchemeAuthorizationUrl"></a>authorizationUrl | `string` | `oauth2` (`"implicit"`, `"accessCode"`) | **Required.** The authorization URL to be used for this flow. This SHOULD be in the form of a URL. Url may be relative to location of OpenAPI document.
<a name="securitySchemeTokenUrl"></a>tokenUrl | `string` | `oauth2` (`"password"`, `"application"`, `"accessCode"`) | **Required.** The token URL to be used for this flow. This SHOULD be in the form of a URL. Url may be relative to location of OpenAPI document.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As above, I suggest either "The authorizationUrl..." or "The URL..."

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removed.

@fehguy
Copy link
Contributor

fehguy commented Oct 26, 2016

@darrelmiller LGTM (XL)

earth2marsh
earth2marsh reviewed Nov 4, 2016
View reviewed changes
versions/3.0.md
<a name="securitySchemeScheme"></a>scheme | `string` | `http` | **Required.** The name of the HTTP Authorization scheme to be used in the Authorization header as per [RFC 7235](https://tools.ietf.org/html/rfc7235).
<a name="securitySchemeBearerFormat"></a>bearerFormat | `string` | `http` (`"bearer"`) | A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes.
<a name="securitySchemeFlow"></a>flow | [OAuth Flows Object](#oauthFlowsObject) | `oauth2` | **Required.** An object containing configuration information for the flow types supported.
<a name="securitySchemeOpenIdConnectUrl"></a>openIdConnectUrl | `string` | `openIdConnect` | **Required.** OpenId Connect URL to discover OAuth2 configuration values. Url may be relative to location of OpenAPI document.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor typo: Url needs all-caps.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed via DELETION :-)

@webron webron mentioned this pull request Nov 4, 2016
Closed
5 tasks
@webron
Copy link
Member

webron commented Nov 4, 2016

TDC voted for merge, @darrelmiller will fix conflicts and merge when ready.

@webron
Copy link
Member

webron commented Nov 18, 2016

@darrelmiller - see if you can fix the conflicts and check @earth2marsh's comment before the call, and we could even merge it live!

@webron
Copy link
Member

webron commented Nov 18, 2016

URLs will change from SHOULD to MUST and then merged 🎉

@darrelmiller darrelmiller merged commit 848973d into OpenAPI.next Nov 18, 2016
@darrelmiller darrelmiller deleted the dm/securityreview branch November 18, 2016 18:29
@fehguy fehguy mentioned this pull request Jan 20, 2017
Closed
AndersDJohnson pushed a commit to AndersDJohnson/OpenAPI-Specification that referenced this pull request Apr 8, 2019
@darrelmiller
Merge pull request OAI#818 from OAI/dm/securityreview
240e074 
Security definition documentation updates
@ericlingit ericlingit mentioned this pull request Apr 19, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@earth2marsh earth2marsh earth2marsh left review comments

@DavidBiesack DavidBiesack DavidBiesack left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@darrelmiller @fehguy @webron @earth2marsh @DavidBiesack