Security requirement is not an OAuth2 or OpenID Connect requirement and must not define scopes

Description

The security requirement in question defines authorization scopes. However, it is not an OAuth2 or OpenID Connect security requirement, and thus must not define scopes.

For more details, see the OpenAPI Specification.

Example

The following is an example of how this issue could look in your API definition:

1api_key:
2  - write:pets
3  - read:pets
4

Remediation

Make sure that only OAuth2 and OpenID Connect security requirements define scopes.

1api_key: []
2# ...
3petstore_oauth:
4  - write:pets
5  - read:pets
6

Copyright 42Crunch 2021