fix: security scheme reference annoations parsing

baywet · baywet · commit ccc3733a2700 · 2025-06-06T13:46:06.000-04:00
Signed-off-by: Vincent Biret &lt;vibiret@microsoft.com&gt;
diff --git a/src/Microsoft.OpenApi/Reader/V31/OpenApiSecuritySchemeDeserializer.cs b/src/Microsoft.OpenApi/Reader/V31/OpenApiSecuritySchemeDeserializer.cs
@@ -90,7 +90,9 @@ public static IOpenApiSecurityScheme LoadSecurityScheme(ParseNode node, OpenApiD
             if (pointer != null)
             {
                 var reference = GetReferenceIdAndExternalResource(pointer);
-                return new OpenApiSecuritySchemeReference(reference.Item1, hostDocument, reference.Item2);
+                var securitySchemeReference = new OpenApiSecuritySchemeReference(reference.Item1, hostDocument, reference.Item2);
+                securitySchemeReference.Reference.SetMetadataFromMapNode(mapNode);
+                return securitySchemeReference;
             }
 
             var securityScheme = new OpenApiSecurityScheme();
diff --git a/test/Microsoft.OpenApi.Readers.Tests/V31Tests/OpenApiSecuritySchemeReferenceDeserializerTests.cs b/test/Microsoft.OpenApi.Readers.Tests/V31Tests/OpenApiSecuritySchemeReferenceDeserializerTests.cs
@@ -0,0 +1,41 @@
+using System.Text.Json.Nodes;
+using Microsoft.OpenApi.Reader;
+using Microsoft.OpenApi.Reader.V31;
+using Xunit;
+
+namespace Microsoft.OpenApi.Readers.Tests.V31Tests;
+
+public class OpenApiSecuritySchemeReferenceDeserializerTests
+{
+    [Fact]
+    public void ShouldDeserializeSecuritySchemeReferenceAnnotations()
+    {
+        var json =
+        """
+        {
+            "$ref": "#/components/securitySchemes/MyScheme",
+            "description": "This is a security scheme reference"
+        }
+        """;
+
+        var hostDocument = new OpenApiDocument();
+        hostDocument.AddComponent("MyScheme", new OpenApiSecurityScheme
+        {
+            Type = SecuritySchemeType.ApiKey,
+            Name = "api_key",
+            In = ParameterLocation.Header,
+            Description = "This is a security scheme description",
+        });
+        var jsonNode = JsonNode.Parse(json);
+        var parseNode = ParseNode.Create(new ParsingContext(new()), jsonNode);
+
+        var result = OpenApiV31Deserializer.LoadSecurityScheme(parseNode, hostDocument);
+
+        Assert.NotNull(result);
+        var resultReference = Assert.IsType<OpenApiSecuritySchemeReference>(result);
+
+        Assert.Equal("MyScheme", resultReference.Reference.Id);
+        Assert.Equal("This is a security scheme reference", resultReference.Description);
+        Assert.NotNull(resultReference.Target);
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -90,7 +90,9 @@ public static IOpenApiSecurityScheme LoadSecurityScheme(ParseNode node, OpenApiD`
`90`	`90`	`if (pointer != null)`
`91`	`91`	`{`
`92`	`92`	`var reference = GetReferenceIdAndExternalResource(pointer);`
`93`		`- return new OpenApiSecuritySchemeReference(reference.Item1, hostDocument, reference.Item2);`
	`93`	`+ var securitySchemeReference = new OpenApiSecuritySchemeReference(reference.Item1, hostDocument, reference.Item2);`
	`94`	`+ securitySchemeReference.Reference.SetMetadataFromMapNode(mapNode);`
	`95`	`+ return securitySchemeReference;`
`94`	`96`	`}`
`95`	`97`
`96`	`98`	`var securityScheme = new OpenApiSecurityScheme();`