applySecurities fails as securityDef is returned as undefined.

[sahilkhanna]

securityDef is returning undefined because get function is not able to look through nested object. Although the spec included the security definition get functioned failed to look for securitySchemes key.

swagger-js/src/execute/oas3/build-request.js

Line 94 in e0003d0

const securityDef = get(spec, ['components', 'securitySchemes']) || {};

This is probably because the webpack config doesn't enable the Deep property path support for methods like _.get, _.has, & _.set. feature set

I was using https://swaggerapis.rainmaker.espressif.com/ API which involves getting an AccessToken(apiKey) after sending a login request. All rest of the authorised API calls used this token for verification. Whenever I made a request, securityDef would be undefined and API call would not execute.

I highly suspect the fix is just to add the above feature set to the loadlash module.

Thanks.

[jonasvoelcker]

Hey there,

unfortunately we are also facing this issue for our solution since version 3.17.0. The 3.16.1 works totally fine but if you debug into the code and go to line 94 mentioned above, the spec has got components as well as securitySchemes but lodash can't extract the definition.

Our securitySchemes are as following:

components:
  securitySchemes:
    keycloak:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: /auth/realms/ourrealm/protocol/openid-connect/auth
          tokenUrl: /auth/realms/ourrealm/protocol/openid-connect/token
          scopes:
            our-scope: our-scope

Could you please take a look? This would save us from restructuring our frontend completely. Unfortunately this software needs to stay for some more years and we can't risk staying on a 2 year old version.

If you need some more information, please do not hesitate to contact me ;)

Best Regards
Jonas

[transfluxus]

I am running into the same issue, tho at some point I got it resolved by uninstall lodash and swagger-client and installing swagger-client again... However that does not work anymore and neither using 3.16.1 :(

[transfluxus]

oh well it works with 3.16.1 , but its not possible to use it with the LodashWebpackPlugin

[jonasvoelcker]

Hey there,

here's a brief update to our problems above:

The securitySchemes problem seems to be fixed but we didn't notice it because there was another new problem, which showed the exact same behavior.

We were using 'openapi.yaml' as url and '/api' as server. In combination this resulted in a failure on this line:

const parsedUrl = ourUrl && contextUrl ? parseURIReference(_empty.url.resolve(contextUrl, ourUrl)) : parseURIReference(ourUrl);

It might be possible that the _empty-module was missing because of not using Webpack, we managed to fix it through using this initialization instead as it doesn't set the contextUrl any more: