Swagger 2.0 to OpenApi 3.0
we are using all the classes with import io.swagger.annotations.*; and we have moved to jakarta. Please let me know where I can find the documentation to know what are annotations to be used. Please also suggest me swagger maven plugin which takes jakarta into consideration and generate a JSON file. Attach sample plugin to be used to generate JSON with open api 3 or greater.Circular references in OpenAPI
Can someone please inform me if circular references are allowed when using "allOf","oneOf" and "anyOf" keywords? The OpenAPI specification does not explicitly say anything about that. Here's an example API specification that causes all sorts of problems when attempting to generate code from it using different code generators. Essentially I'd like to combine inheritance with polymorphism so that I have an "abstract" type Animal that I can return from any method, and also Animal is never just the base class, it's always either Dog or Cat, both of which inherit some of the Animal's properties. Is this a valid schema according to OpenAPI 3 specification or not? { "openapi": "3.0.1", "info": { "title": "PET API", "version": "v1" }, "paths": { "/pets/{name}": { "get": { "responses": { "200": { "description": "Success", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/Animal" } } } } } } } }, "components": { "schemas": { "Animal": { "type": "object", "oneOf": [{ "$ref": "#/components/schemas/Cat" }, { "$ref": "#/components/schemas/Dog" } ], "properties": { "name": { "type": "string", }, "animalType": { "type": "string" } }, "discriminator": { "propertyName": "animalType" } }, "Cat": { "type": "object", "allOf": [{ "$ref": "#/components/schemas/Animal" }, { "type": "object", "properties": { "whiskersCount": { "type": "integer", } } } ] }, "Dog": { "type": "object", "allOf": [{ "$ref": "#/components/schemas/Animal" }, { "type": "object", "properties": { "tailWagsPerSecond": { "type": "integer", } } } ] }, } } }2.4KViews1like0CommentsOpenAPI not encoding multipart/mixed correctly
This is how the relevant portion of my endpoint looks like: "/global-types/import-coordinates": post: summary: Import coordinates operationId: importCoordinates requestBody: content: multipart/mixed: schema: type: object properties: file: type: string format: binary attributes: type: array items: type: string identifier: type: string required: - file - attributes - identifier responses: 201: $ref: 'model.yaml#/components/responses/created' 400: $ref: 'model.yaml#/components/responses/badRequest However, when I call the generated function from TypeScript: file is not encoded properly. Chrome DevTools show it to be of type object File instead of binary The request fails with exit code 415 Unsupported Media Type I found this issue on OpenAPIs GitHub. It's very old, but still not closed. Might this be related to my issue? This is my first post to this forum, so please tell me, if you need more information. Thank you for every incoming reply or effort to help me out with this.How to document multiple data types array in OpenAPI Definition
Hi all, I'm looking for an OpenAPI representation for an array type when the array has one specific data type item at one time, the array data type can be multiple types. That means as an example: let's assume I have an array called `arry` with two data types integer and string, when I receive `arry`, It can be contained items only one type. It can be an integer array(arry[] -> [integer, integer, integer]) or string array (arry[]-> [string, string, string]). If I use oneOf data model : .... arry: type: array items: oneOf: - type: string - type: integer it will return the mixed type array arry[]->[integer, string, integer, integer, string] Could you please let me know, how can I represent arrayarry[] -> [integer, integer, integer] orarry[]-> [string, string, string] in the OpenAPI definition?SolvedHow to define a secret key / signature based security scheme?
Skimming the Swagger documentation for authentication / authorization schemes in OAS 3.0, I don't see a clear way to define my API as utilizing signature-based authentication. I have an API where all requests must be passed two properties: `api_key` (which uniquely defines the user) and `signature` (which is computed using the request path, query string, and a secret key). The server keeps a copy of their secret key and generates the same signature using the same process, then compares the two signatures. This way unlike API key auth (where the full authentication credentials are passed over the internet, hopefully secured by HTTPS) there is never enough information passed for a man-in-the-middle to trivially forge requests (other than replay attacks using the exact same request). I feel like signature-based authentication isn't so rare as to be excluded from the OpenAPI specification. AWS uses signature-based authentication for almost all of their services! Is there a way to define this as a security scheme? Or is this a missing feature from the spec?Callbacks and readOnly/writeOnly
I have a question about how the readOnly and writeOnly properties relate to webhook requests. The spec says of readOnly "This means that it MAY be sent as part of a response but SHOULD NOT be sent as part of the request" which seems clear enough. But while a callback is a request at the network level, at the semantic level it contains response data from the API. For example if I have a schema for an object which has a readOnly createdDate property, I mean that it is forbidden in the request body when creating an object but will be present in the response when fetching an object. And when it comes to a callback, I would expect the createdDate to be present in the request body of the callback when it is sent to the remote server. The Swagger UI omits readOnly properties from the schema of requests, including callbacks. I started out creating a bug report there before realising that the implemented behaviour is a valid interpretation of the OpenAPI spec. But it seems wrong to me. I can't think of a situation where this behaviour is what I would want. If this issue has been debated before, could someone point me to the discussion? If not, would there be any appetite for clarifying the spec to make readOnly/writeOnly relative to the API rather than the network request?SolvedUsing OIDC and Oauth2 in openapi 3
I hope someone can help me. I have been looking at lots of forums and have not been able to find any answers. I am hoping to use OpenAPI 3 and OIDC to get access token. I am generating a Java client using codegen cli - java -jar swagger-codegen-cli-3.0.8.jar generate -l java ........ In my yaml I have securitySchemes: OpenID: type: openIdConnect openIdConnectUrl: https://localhost:9643/oidc/endpoint/jazzop/.well-known/openid-configuration OAuth2: type: oauth2 flows: implicit: authorizationUrl: https://localhost:9643/oidc/endpoint/jazzop/authorize scopes: read: Grants read access write: Grants write access admin: Grants access to admin operations The generated ApiClient.java contains only public ApiClient() { httpClient = new OkHttpClient(); verifyingSsl = true; json = new JSON(); // Set default User-Agent. setUserAgent("Swagger-Codegen/1.0.0/java"); // Setup authentications (key: authentication name, value: authentication). authentications = new HashMap<String, Authentication>(); authentications.put("OAuth2", new OAuth()); // Prevent the authentications from being modified. authentications = Collections.unmodifiableMap(authentications); } There is no mention of OpenID. Searching through the generated client, I cannot find any reference to "https://localhost:9643...." anywhere. So even oauth2 "authorization" endpoint is not accessed. Various forums suggest that oauth2 and oidc happens automagically, but code generated suggests otherwise. Can someone point me somewhere with more concrete examples of how it works. Many thanks2.2KViews1like0Comments