The _get_security_schemes method in the OpenAPIToScanAPIConverter class currently assumes that all oauth2 authentication uses bearer tokens.
While this is true for some cases, applications that implement the full authentication flow do exist, and the conversion would generate invalid authentication for guarded endpoints.
I'm not currently sure how a full-fledged oauth2 flow would work in ScanAPI, so this needs further investigation.
Reference: https://swagger.io/docs/specification/v3_0/authentication/.
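The distinction described in this issue, as an added example that is not part of the original report and is not ScanAPI code: it classifies OpenAPI 3.0 `securitySchemes` entries so that an `oauth2` scheme is reported with its flows and required URLs instead of being collapsed into a bearer token. The function names and the sample spec are hypothetical and constructed for illustration.

```python
# Added example: classify OpenAPI 3.0 securitySchemes by type and oauth2 flow.
# Names below are hypothetical; this is not the converter's implementation.
OAUTH2_FLOW_URLS = {  # URL fields OpenAPI 3.0 requires for each flow
    "implicit": ("authorizationUrl",),
    "password": ("tokenUrl",),
    "clientCredentials": ("tokenUrl",),
    "authorizationCode": ("authorizationUrl", "tokenUrl"),
}

# Constructed sample input (not taken from any real API).
SAMPLE_SPEC = {"components": {"securitySchemes": {
    "jwt": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
    "login": {"type": "oauth2", "flows": {"clientCredentials": {
        "tokenUrl": "https://auth.example.test/token",
        "scopes": {"read:items": "Read items"}}}},
}}}


def classify_scheme(scheme):
    """Describe how a client has to authenticate for one security scheme."""
    kind = scheme.get("type")
    if kind == "http":
        return {"kind": "http", "scheme": scheme.get("scheme", "").lower()}
    if kind == "apiKey":
        return {"kind": "apiKey", "in": scheme.get("in"), "name": scheme.get("name")}
    if kind == "openIdConnect":
        return {"kind": "openIdConnect", "discovery": scheme.get("openIdConnectUrl")}
    if kind != "oauth2":
        raise ValueError(f"unsupported security scheme type: {kind}")
    flows = {}
    for name, flow in scheme.get("flows", {}).items():
        required = OAUTH2_FLOW_URLS.get(name)
        if required is None:
            raise ValueError(f"unknown oauth2 flow: {name}")
        missing = [field for field in required if field not in flow]
        if missing:
            raise ValueError(f"oauth2 flow {name} is missing {missing}")
        flows[name] = {"urls": {f: flow[f] for f in required},
                       "scopes": sorted(flow.get("scopes", {}))}
    return {"kind": "oauth2", "flows": flows}


def classify_spec(spec):
    schemes = spec.get("components", {}).get("securitySchemes", {})
    return {name: classify_scheme(s) for name, s in schemes.items()}


def needs_token_exchange(info):
    """True when a token has to be requested from a tokenUrl first."""
    return info["kind"] == "oauth2" and any(
        "tokenUrl" in flow["urls"] for flow in info["flows"].values())
```

A converter can use `needs_token_exchange` to decide between emitting a static `Authorization: Bearer` header and flagging the endpoint as requiring a token request step.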