Security requirement is not an OAuth2 or OpenID Connect requirement and must not define scopes
Issue ID: v3-semantic-securityrequirement-nonoauth2scopes
Description
The security requirement in question defines authorization scopes. However, it is not an OAuth2 or OpenID Connect security requirement, and thus must not define scopes.
For more details, see the OpenAPI Specification.
Example
The following is an example of how this issue could look in your API definition:
{
"api_key": [
"write:pets",
"read:pets"
]
}
Remediation
Make sure that only OAuth2 and OpenID Connect security requirements define scopes.
{
"api_key": [ ],
// ...
"petstore_oauth": [
"write:pets",
"read:pets"
]
}