Authentication Security Best Practices

(6 reviews)

oauth1-deprecated

general > oauth1-deprecated

Guidance

One or more global security schemes in your API allows using OAuth 1.0 authentication.

This is a potential risk, because the definition is in security schemes. However, it easily turns into an actual
risk when the unsafe method is used in a security requirement.

Message

One or more global security schemes in your API allows using OAuth 1.0 authentication.

Examples

valid

securitySchemes:
  OAuth2:
    type: oauth2
    flows:
      authorizationCode:
        authorizationUrl: https://example.com/oauth/authorize
        tokenUrl: https://example.com/oauth/token

invalid

securitySchemes:
  OAuth1:
    type: oauth1

Applies to SecurityScheme

Type	Ruleset
Organization	MuleSoft
Published by	MuleSoft Organization
Published on	Nov 29, 2023

Authentication Security Best Practices

oauth1-deprecated

Guidance

Message

Examples

valid

invalid

Constraint

Type: Declarative Validation

Reviews

Asset versions for 1.1.x

Tags