Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.When you copy/paste the output of OpenAPI into Swagger Editor it has some validation errors. Attached patch fixes all of them that I could find, except for the security section as there isn't a spec for using cookies with the Swagger 2 spec (though there is in OpenAPI 3).
| Comment | File | Size | Author |
|---|---|---|---|
| #2 | openapi-conform_to_spec-2982691-2.patch | 8.22 KB | justafish |
| Screen Shot 2018-06-29 at 20.23.38.png | 197.85 KB | justafish |
Comments
Comment #2
justafishComment #4
richgerdesWhile I would like the swagger doc to conform to complete spec the cookie and csrf_token can be used by decoupled projects to authenticate to Drupal. As a result the should be included in the api. I don't have a recommended solution here. I would rather not just take out the definitions, which is why they were added using the version 3 spec.
I think that the best option, would be to allow them to be in the spec, but find a why to put them behind a toggle. Thus allowing the user to allow these auth options, if they need them for their project and accepting the fact that their site would no longer conform to the 2.0 spec.
At this point, this module doesn't have any other settings or configuration, so I am hesitant to implement it just for this functionality.
I am open to suggestions. Any thoughts?
Comment #5
richgerdesThis is effectively a duplicate of #2983352: OpenAPI is returning invalid security definitions. I am closing this one and the changes can be tracked there.