University of Zurich · API Governance Rules

University of Zurich API Rules

Spectral linting rules defining API design standards and conventions for the University of Zurich.

5 rules: 2 error, 3 warn

Rule Categories

uzh

Rules

uzh-info-contact (warn)
Info object should reference the identity provider contact.
Given: $.info

uzh-https-servers (error)
All servers must use HTTPS, matching the edu-ID issuer.
Given: $.servers[*].url

uzh-oidc-security-scheme (warn)
An OpenID Connect security scheme should be defined for edu-ID flows.
Given: $.components.securitySchemes

uzh-operation-ids (error)
Every operation should declare an operationId.
Given: $.paths[*][get,post,put,delete,patch]

uzh-pkce-s256 (warn)
The authorize endpoint should advertise PKCE with the S256 method, the only code_challenge_method supported by SWITCH edu-ID.
Given: $.paths['/idp/profile/oidc/authorize'].get.parameters[?(@.name=='code_challenge_method')].schema.enum

Spectral Ruleset

formats:
  - oas3
documentationUrl: https://www.zi.uzh.ch/en/support/identity-access/eduid-faq.html
rules:
  uzh-info-contact:
    description: Info object should reference the identity provider contact.
    severity: warn
    given: $.info
    then:
      field: contact
      function: truthy
  uzh-https-servers:
    description: All servers must use HTTPS, matching the edu-ID issuer.
    severity: error
    given: $.servers[*].url
    then:
      function: pattern
      functionOptions:
        match: ^https://
  uzh-oidc-security-scheme:
    description: An OpenID Connect security scheme should be defined for edu-ID flows.
    severity: warn
    given: $.components.securitySchemes
    then:
      function: truthy
  uzh-operation-ids:
    description: Every operation should declare an operationId.
    severity: error
    given: $.paths[*][get,post,put,delete,patch]
    then:
      field: operationId
      function: truthy
  uzh-pkce-s256:
    description: >-
      The authorize endpoint should advertise PKCE with the S256 method, the only
      code_challenge_method supported by SWITCH edu-ID.
    severity: warn
    given: $.paths['/idp/profile/oidc/authorize'].get.parameters[?(@.name=='code_challenge_method')].schema.enum
    then:
      function: schema
      functionOptions:
        schema:
          type: array
          contains:
            const: S256