Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Schema for callbacks incorrectly omits readOnly and includes writeOnly properties #6294

Open
tamlyn opened this issue Aug 13, 2020 · 0 comments
Open

Schema for callbacks incorrectly omits readOnly and includes writeOnly properties #6294

tamlyn opened this issue Aug 13, 2020 · 0 comments
Labels
specification: 3.x type: bug

Comments

@tamlyn
Copy link

tamlyn commented Aug 13, 2020

Q&A (please complete the following information)

  • OS: macOS
  • Browser: chrome
  • Version: 84
  • Method of installation: online
  • Swagger-UI version: not sure
  • Swagger/OpenAPI version: OpenAPI 3.0

Content & configuration

Example Swagger/OpenAPI definition:

Describe the bug you're encountering

In brief the problem is that the UI shows the schema of webhook requests as though they were requests made to the API when in fact they contain responses from the API.

To reproduce...

In the schema above, a User has a name, an autogenerated id which is marked as readOnly (i.e. appears in responses but cannot be set) and a password which is marked as writeOnly (i.e. can be set but does not appear in responses).

In the UI it shows the schema for the GET request as:

[
  {
    "id": "string",
    "name": "string"
  }
]

And the schema for the POST request as:

{
  "name": "string",
  "password": "string"
}

So far so good.

But for the callback (which is nested inside the POST request) it shows the schema as:

{
  "name": "string",
  "password": "string"
}

Expected behavior

The callback is notifying the API user via a network request that the user was created (maybe this process takes a while). I would expect it to contain the name and the autogenerated id but not the private password. i.e. I would expect the callback request to have the same schema as a GET response not a POST request.

{
  "id": "string",
  "name": "string"
}

Additional context or thoughts

In OAS 3.1 readOnly and writeOnly have been removed from the spec and instead it defers to the JSON Schema spec which says:

If "readOnly" has a value of boolean true, it indicates that the value of the instance is managed exclusively by the owning authority, and attempts by an application to modify the value of this property are expected to be ignored or rejected by that owning authority.

[...]

If "writeOnly" has a value of boolean true, it indicates that the value is never present when the instance is retrieved from the owning authority. It can be present when sent to the owning authority to update or create the document (or the resource it represents), but it will not be included in any updated or newly created version of the instance.

Note the concept of an "owning authority" instead of the "request" and "response" wording used in OAS 3.0.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
specification: 3.x type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tamlyn @tim-lai