Authentication Security Best Practices

unknown-security-scheme



Guidance

One or more global security schemes in your API allow setting HTTP authentication methods that are not included
in the IANA Authentication Scheme Registry.

On its own this is only a potential risk, because the method is merely defined under security schemes. However, it
easily turns into an actual risk when the unsafe method is used in a security requirement.

Message

One or more global security schemes in your API are not allowed by IANA Authentication Scheme Registry.

Examples

valid

components:
  securitySchemes:
    UnknownAuth:
      type: http
      scheme: basic

invalid

components:
  securitySchemes:
    UnknownAuth:
      type: http
      scheme: unknown
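
An added example (not part of the MuleSoft ruleset) of the same check in Python, which also separates the potential risk from the actual one described under Guidance. The scheme list is a hand-copied snapshot of the IANA registry, and the function names and the sample specification are constructed for illustration.

```python
# Added example: hand-copied snapshot of the IANA HTTP Authentication Scheme
# Registry (assumption: refresh it from the registry before relying on it).
IANA_HTTP_SCHEMES = {s.lower() for s in (
    "Basic", "Bearer", "Concealed", "Digest", "DPoP", "GNAP", "HOBA", "Mutual",
    "Negotiate", "OAuth", "PrivateToken", "SCRAM-SHA-1", "SCRAM-SHA-256", "vapid")}

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

def referenced_schemes(spec):
    """Names of security schemes used by any root or operation-level requirement."""
    requirements = list(spec.get("security") or [])
    for path_item in (spec.get("paths") or {}).values():
        for method in HTTP_METHODS:
            operation = path_item.get(method) or {}
            requirements.extend(operation.get("security") or [])
    return {name for requirement in requirements for name in requirement}

def audit_security_schemes(spec):
    """Return {scheme name: 'potential' | 'actual'} for unregistered HTTP schemes."""
    used = referenced_schemes(spec)
    schemes = (spec.get("components") or {}).get("securitySchemes") or {}
    findings = {}
    for name, definition in schemes.items():
        if definition.get("type") != "http":
            continue  # the rule only concerns HTTP authentication schemes
        # Scheme names are case-insensitive, so compare in lower case.
        scheme = str(definition.get("scheme", "")).strip().lower()
        if scheme not in IANA_HTTP_SCHEMES:
            findings[name] = "actual" if name in used else "potential"
    return findings

# Constructed sample: a parsed OpenAPI 3 document represented as a dict.
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "components": {"securitySchemes": {
        "BasicAuth": {"type": "http", "scheme": "basic"},
        "DefinedOnly": {"type": "http", "scheme": "unknown"},
        "InUse": {"type": "http", "scheme": "unknown"},
        "ApiKey": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
    }},
    "paths": {"/orders": {"get": {"security": [{"InUse": []}]}}},
}

if __name__ == "__main__":
    for name, risk in audit_security_schemes(SAMPLE_SPEC).items():
        print(f"{name}: {risk} risk (scheme not in IANA registry)")
```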

Applies to SecurityScheme

Constraint

Type: Declarative Validation
Type: Ruleset
Organization: MuleSoft
Published by: MuleSoft Organization
Published on: Nov 29, 2023
Asset versions for 1.1.x: 1.1.0