Add OIDC Schema format as per spec (#287)

Co-authored-by: Pierre Fenoll <[email protected]>
getkin · Jan 19, 2021 · d4df86a · d4df86a
1 parent 4bb44a2
commit d4df86a
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 8 deletions.
diff --git a/openapi3/security_scheme.go b/openapi3/security_scheme.go
@@ -28,13 +28,14 @@ var _ jsonpointer.JSONPointable = (*SecuritySchemes)(nil)
 type SecurityScheme struct {
 	ExtensionProps
 
-	Type         string      `json:"type,omitempty" yaml:"type,omitempty"`
-	Description  string      `json:"description,omitempty" yaml:"description,omitempty"`
-	Name         string      `json:"name,omitempty" yaml:"name,omitempty"`
-	In           string      `json:"in,omitempty" yaml:"in,omitempty"`
-	Scheme       string      `json:"scheme,omitempty" yaml:"scheme,omitempty"`
-	BearerFormat string      `json:"bearerFormat,omitempty" yaml:"bearerFormat,omitempty"`
-	Flows        *OAuthFlows `json:"flows,omitempty" yaml:"flows,omitempty"`
+	Type             string      `json:"type,omitempty" yaml:"type,omitempty"`
+	Description      string      `json:"description,omitempty" yaml:"description,omitempty"`
+	Name             string      `json:"name,omitempty" yaml:"name,omitempty"`
+	In               string      `json:"in,omitempty" yaml:"in,omitempty"`
+	Scheme           string      `json:"scheme,omitempty" yaml:"scheme,omitempty"`
+	BearerFormat     string      `json:"bearerFormat,omitempty" yaml:"bearerFormat,omitempty"`
+	Flows            *OAuthFlows `json:"flows,omitempty" yaml:"flows,omitempty"`
+	OpenIdConnectUrl string      `json:"openIdConnectUrl,omitempty" yaml:"openIdConnectUrl,omitempty"`
 }
 
 func NewSecurityScheme() *SecurityScheme {
@@ -49,6 +50,13 @@ func NewCSRFSecurityScheme() *SecurityScheme {
 	}
 }
 
+func NewOIDCSecurityScheme(oidcUrl string) *SecurityScheme {
+	return &SecurityScheme{
+		Type:             "openIdConnect",
+		OpenIdConnectUrl: oidcUrl,
+	}
+}
+
 func NewJWTSecurityScheme() *SecurityScheme {
 	return &SecurityScheme{
 		Type:         "http",
@@ -114,7 +122,9 @@ func (ss *SecurityScheme) Validate(c context.Context) error {
 	case "oauth2":
 		hasFlow = true
 	case "openIdConnect":
-		return fmt.Errorf("Support for security schemes with type '%v' has not been implemented", ss.Type)
+		if ss.OpenIdConnectUrl == "" {
+			return fmt.Errorf("No OIDC URL found for openIdConnect security scheme %q", ss.Name)
+		}
 	default:
 		return fmt.Errorf("Security scheme 'type' can't be '%v'", ss.Type)
 	}

diff --git a/openapi3/security_scheme_test.go b/openapi3/security_scheme_test.go
@@ -198,4 +198,24 @@ var securitySchemeExamples = []securitySchemeExample{
 `),
 		valid: true,
 	},
+	{
+		title: "OIDC Type With URL",
+		raw: []byte(`
+{
+  "type": "openIdConnect",
+  "openIdConnectUrl": "https://example.com/.well-known/openid-configuration"
+}
+`),
+		valid: true,
+	},
+	{
+		title: "OIDC Type Without URL",
+		raw: []byte(`
+{
+  "type": "openIdConnect",
+  "openIdConnectUrl": ""
+}
+`),
+		valid: false,
+	},
 }