Security field of the operation references a security scheme not defined in '#/securityDefinitions'

Description

A security requirement in the security field contains a reference to a security scheme that is not defined in the API.

The security field specifies what kind of authentication your API requires, either on global level for the whole API or for individual API operations.

For more details, see the OpenAPI Specification.

Example

The following is an example of how this issue could look in your API definition. The security field references an OAuth security scheme, but this scheme has not been defined in securityDefinitions:

1schemes:
2  - https
3# ...
4securityDefinitions:
5  regularSecurity:
6    type: basic
7# ...
8security:
9  regularSecurity: []
10  OAuth2:
11    - readOnly
12

Remediation

Make sure that all security schemes that the security field references are defined.

1schemes:
2  - https
3# ...
4securityDefinitions:
5  regularSecurity:
6    type: basic
7  OAuth2:
8    type: oauth2
9    flow: accessCode
10    scopes:
11      {}
12      # ...
13# ...
14security:
15  regularSecurity: []
16  OAuth2:
17    - readOnly
18

Copyright 42Crunch 2021