feat(securityscheme): add oauth2MetadataUrl support (OpenAPI 3.2)

[mdaneri]

Pull Request

Description

Adds first-class support for OpenAPI 3.2 oauth2MetadataUrl on OAuth2 security schemes, including serialization and OpenAPI 3.2 reader support.

Type of Change

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• Documentation update
• Other (please describe):

Related Issue(s)

Fixes #2694

Changes Made

• Add OAuth2MetadataUrl to OpenApiSecurityScheme/IOpenApiSecurityScheme and reference wrapper.
• Serialize oauth2MetadataUrl only for OpenAPI 3.2+ when type: oauth2.
• Parse oauth2MetadataUrl in the OpenAPI 3.2 reader.
• Add unit tests for serialization and parsing.

Testing

• Unit tests added/updated
• Integration tests added/updated
• Manual testing performed
• All existing tests pass

Checklist

• My code follows the code style of this project
• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes

Versions applicability

• My change applies to the version 1.X of the library, if so PR link:
• My change applies to the version 2.X of the library, if so PR link:
• My change applies to the version 3.X of the library, if so PR link:
• I have evaluated the applicability of my change against the other versions above.

Additional Notes

Unit tests executed locally:

• test/Microsoft.OpenApi.Tests/Models/OpenApiSecuritySchemeTests.cs
• test/Microsoft.OpenApi.Readers.Tests/V32Tests/OpenApiSecuritySchemeTests.cs

[baywet]

Thanks for the contribution!

In addition to the requested change, you'll need to refresh the public API export.

[mdaneri]

Always I forget about that 😓

[mdaneri]

That test looks interesting! I might just borrow it and incorporate it into my project.

[baywet]

That test looks interesting! I might just borrow it and incorporate it into my project.

The dotnet team actually made it an analyzer, so you get feedback on build and not on tests anymore. We just haven't taken the time to update things here. See this as an example.

https://github.com/BinkyLabs/openapi-overlays-dotnet/blob/b9635b903f375498673a3ef801d7d862879e2e3b/src/lib/BinkyLabs.OpenApi.Overlays.csproj#L45