Error with UnmarshalYAML() using http/bearer auth scheme #100

Closed
sudorandom opened this issue Mar 5, 2024 · 9 comments · Fixed by #101

@sudorandom

sudorandom commented Mar 5, 2024

Describe the bug
I get an error when unmarshaling an openapi v3 spec that includes "bearer" as the scheme and has a bearerFormat value:

oneOf constraint failed for SecuritySchemeOrReference with 0 valid results: map[Reference:required key missing: $ref SecurityScheme:oneOf constraint failed for SecurityScheme with 2 valid results: map[APIKey:required key missing: name MutualTLS:bad const value for "type" ("mutualTLS" expected, "http" received) Oauth2:required key missing: flows Oidc:required key missing: openIdConnectUrl]]

To Reproduce
Run github.com/swaggest/openapi-go/openapi31.Schema.Unmarshal() with this input:

openapi: 3.1.0
info:
  title: MyProject
  description: "My Project Description"
  version: v1.0.0
# 1) Define the security scheme type (HTTP bearer)
components:
  securitySchemes:
    bearerAuth: # arbitrary name for the security scheme
      type: http
      scheme: bearer
      bearerFormat: JWT # optional, arbitrary value for documentation purposes
# 2) Apply the security globally to all operations
security:
  - bearerAuth: [] # use the same name as above

Go Playground: https://go.dev/play/p/TpF1raEIANk

Expected behavior
I expected the scheme to parse without an error and have these assertions hold true of the resulting schema:

s.Components.SecuritySchemes["bearerAuth"].SecurityScheme.HTTP != nil
s.Components.SecuritySchemes["bearerAuth"].SecurityScheme.HTTP.Scheme == "bearer"
s.Components.SecuritySchemes["bearerAuth"].SecurityScheme.HTTPBearer != nil
s.Components.SecuritySchemes["bearerAuth"].SecurityScheme.HTTPBearer.BearerFormat == "JWT"

Additional context
github.com/swaggest/openapi-go v0.2.47
sudorandom/protoc-gen-connect-openapi#5

@vearutop
Member

vearutop commented Mar 5, 2024

Thank you for raising this issue, it should be fixed now in v0.2.48.

@sudorandom
Author

Awesome! Thanks for fixing this so quickly!

@devleejb

devleejb commented Mar 5, 2024

@vearutop
It works well! Thank you for your quick fix!

However, this doesn't work same before.

components:
  securitySchemes:
    basicAuth: # <-- arbitrary name for the security scheme
      type: http
      scheme: basic
security:
  - basicAuth: [] # <-- use the same name here

Reference - Authentication in OpenAPI

@vearutop
Member

vearutop commented Mar 5, 2024

@devleejb I'm not sure if I understand, could you explain in more detail the case and your expectations (maybe a reproducer)?

@devleejb

devleejb commented Mar 5, 2024

@vearutop
I wrote the test code in openapi31. It is a basicAuth test.

func TestSpec_MarshalYAML_3(t *testing.T) {
	var s openapi31.Spec

	spec := `openapi: 3.1.0
info:
  title: MyProject
  description: "My Project Description"
  version: v1.0.0
components:
  securitySchemes:
    basicAuth: # <-- arbitrary name for the security scheme
      type: http
      scheme: basic
security:
  - basicAuth: [] # <-- use the same name here  
paths:
`

	require.NoError(t, s.UnmarshalYAML([]byte(spec)))
}

@vearutop
Member

vearutop commented Mar 5, 2024

Ah, I see, thanks, let me quickly fix that. 😅

@sudorandom
Author

I was also confused at first! Here's the resulting error just for history:

oneOf constraint failed for SecuritySchemeOrReference with 0 valid results: map[Reference:required key missing: $ref SecurityScheme:oneOf constraint failed for SecurityScheme with 2 valid results: map[APIKey:required key missing: name MutualTLS:bad const value for "type" ("mutualTLS" expected, "http" received) Oauth2:required key missing: flows Oidc:required key missing: openIdConnectUrl]]

@vearutop
Member

vearutop commented Mar 5, 2024

Please check v0.2.49.

@devleejb

devleejb commented Mar 5, 2024

Thank you very much!
