Authentication Security Best Practices

valid-oauth2-redirection-urls

Guidance

Your API accepts basic credentials transported over the network. All URLs in the API contract must be proper URLs
in a valid format.

Message

Either the authorization or access token URLs for OAuth2 are not valid URLs.

Examples

valid

components:
  securitySchemes:
    OAuth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://auth.example.com/authorize
          tokenUrl: https://auth.example.com/token

invalid

securitySchemes:
  OAuth2:
    type: oauth2
    flows:
      authorizationCode:
        authorizationUrl: thisisnotallowed:*inanurl/*\-+
        tokenUrl: thisisnotallowed:*inanurl/*\-+

Applies to OAuth2Flow

Constraint

Type: Declarative Validation
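
The following is an added example, not MuleSoft's ruleset code: a Python check that walks every OAuth2 flow in a parsed OpenAPI document and reports the authorizationUrl and tokenUrl values that fail validation. The definition of "valid" used here (an absolute http or https URL with a host and no whitespace) is an assumption, since the page does not state the rule's exact constraint; the two specs are constructed, already-parsed versions of the examples above.

```python
from urllib.parse import urlsplit

URL_FIELDS = ("authorizationUrl", "tokenUrl")  # the two fields named in the rule message

def is_valid_url(value):
    """Assumed meaning of 'valid': absolute http(s) URL with a host, no whitespace."""
    if not isinstance(value, str) or any(c.isspace() for c in value):
        return False
    try:
        parts = urlsplit(value)
        return parts.scheme in ("http", "https") and bool(parts.hostname)
    except ValueError:  # urlsplit rejects e.g. a malformed IPv6 literal
        return False

def find_invalid_oauth2_urls(spec):
    """Return (scheme, flow, field, value) for each invalid OAuth2 endpoint URL."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for name, scheme in schemes.items():
        if scheme.get("type") != "oauth2":
            continue  # other scheme types carry no flow URLs
        for flow_name, flow in scheme.get("flows", {}).items():
            for field in URL_FIELDS:
                # implicit and password flows omit one of the two fields; skip absent ones
                if field in flow and not is_valid_url(flow[field]):
                    findings.append((name, flow_name, field, flow[field]))
    return findings

def make_spec(authorization_url, token_url):
    """Build a constructed spec shaped like the page's examples."""
    flow = {"authorizationUrl": authorization_url, "tokenUrl": token_url}
    return {"components": {"securitySchemes": {
        "OAuth2": {"type": "oauth2", "flows": {"authorizationCode": flow}}}}}

# Constructed inputs mirroring the page's valid and invalid examples
VALID_SPEC = make_spec("https://auth.example.com/authorize",
                       "https://auth.example.com/token")
INVALID_SPEC = make_spec(r"thisisnotallowed:*inanurl/*\-+",
                         r"thisisnotallowed:*inanurl/*\-+")

if __name__ == "__main__":
    for scheme, flow, field, value in find_invalid_oauth2_urls(INVALID_SPEC):
        print(f"{scheme}.flows.{flow}.{field}: not a valid URL: {value!r}")
```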

Type: Ruleset
Organization: MuleSoft
Published by: MuleSoft Organization
Published on: Nov 29, 2023
Asset versions for 1.1.x: 1.1.0