Unclear portion of openIdConnectUrl for openIdConnect securitySchema #3152
Comments
|
This just seems like a bug where the link is wrong. If the link for openIdConnect did not point to OAuth would this otherwise be clear? |
handrews
added
the
security: auth
|
I think the link should be replaced |
|
@AxelNennker if you'd like to submit a PR that would be welcome! It would need to start on the |
|
I think the only thing left to do here is to forward-port the change to v3.1.1 and v3.2.0, correct? |
|
Yes |
|
@AxelNennker @shilpa-padgaonkar: In 3.1.1 it looks like the draft IETF RFC you replaced was already replaced by RFC 8414. Is it still appropriate to replace 8414 with what you did in 3.0.4? (I'm guessing yes, but I was just going to blind-port the commit and don't have the slightest clue how any of this stuff works or time to learn it right now) |
|
I think I would have the 3.1.1 text in all versions: openIdConnectUrl string openIdConnect REQUIRED. Well-known URL to discover the OpenID provider metadata. |
Fixes OAI#3152 Signed-off-by: Henry H. Andrews <andrews_henry@yahoo.com>
|
@AxelNennker ah, that change was PR #3718, and thanks for reminding me because it needs to be backported to 3.0.4. I was asking about PR #3607 for this issue. |
|
Yes, #3607 should be in all version since openidConnectUrl was introduced to OAI |
Fixes OAI#3152 Signed-off-by: Henry H. Andrews <andrews_henry@yahoo.com>
Fixes OAI#3152 Signed-off-by: Henry H. Andrews <andrews_henry@yahoo.com>
|
PRs merged for 3.0.4, 3.1.1, and 3.2.0! |
https://spec.openapis.org/oas/v3.1.0
the link above points to oauth discovery.
Does it apply to the openIdConnectUrl for openIdConnect securitySchema ? Should the openIdConnectUrl be driven by https://openid.net/specs/openid-connect-discovery-1_0.html ?
Please help clarify, thanks
The text was updated successfully, but these errors were encountered: