Security field of the operation references a security scheme not defined in '#/securityDefinitions'

Issue ID: validation-operation-securityrequirement-unreferenced

Description

A security requirement in the security field contains a reference to a security scheme that is not defined in the API.

The security field specifies what kind of authentication your API requires, either on global level for the whole API or for individual API operations.

For more details, see the OpenAPI Specification.

Example

The following is an example of how this issue could look in your API definition. The security field references an OAuth security scheme, but this scheme has not been defined in securityDefinitions:

{
    "schemes": [
        "https"
    ],
    // ...
    "securityDefinitions": {
        "regularSecurity": {
            "type": "basic"
        }
    },
    // ...
    "security": {
        "regularSecurity": [],
        "OAuth2": [ "readOnly" ]
    }
}

Remediation

Make sure that all security schemes that the security field references are defined.

{
    "schemes": [
        "https"
    ],
    // ...
    "securityDefinitions": {
        "regularSecurity": {
            "type": "basic"
        },
        "OAuth2": {
            "type": "oauth2",
            "flow": "accessCode",
            "scopes": {
                // ...
            }
        }
    },
    // ...
    "security": {
        "regularSecurity": [],
        "OAuth2": [ "readOnly" ]
    }
}