 

How to fix "Security scope definition global could not be resolved" in springfox?

I am using springfox for generating swagger documentation from spring controllers. When I visit http://127.0.0.1:8080/mycontextroot/swagger-ui.html I get the swagger UI, which works!

But when I try to open the same yaml (or json) file generated from http://127.0.0.1:8080/mycontextroot/v2/api-docs via https://editor.swagger.io/, I get errors:


Swagger sample:

---
swagger: '2.0'
info:
    description: Api Documentation
    version: '1.0'
    title: Api Documentation
    termsOfService: urn:tos
    contact: {}
    license:
        name: Apache 2.0
        url: http://www.apache.org/licenses/LICENSE-2.0
host: 127.0.0.1:8080
basePath: "/"
paths:
    "/mycontextroot/blogs":
        get:
            summary: blogs
            operationId: blogsUsingGET
            produces:
                - "*/*"
            responses:
                '200':
                    description: OK
                    schema:
                        "$ref": "#/definitions/Blogs"
                '401':
                    description: Unauthorized
                '403':
                    description: Forbidden
                '404':
                    description: Not Found
            security:
                - xauth:
                      - global
            deprecated: false
securityDefinitions:
    xauth:
        type: apiKey
        name: my-auth-header
        in: header
definitions:
    Blog:
        type: object
        properties:
            title:
                type: string
        title: Blog
    Blogs:
        type: object
        properties:
            blogs:
                type: array
                items:
                    "$ref": "#/definitions/Blog"
        title: Blogs
Cherry asked Feb 12 '19 10:02


2 Answers

I had the same issue. The invalidity is caused by:

security:
    - xauth:
        - global

That needs to be:

security:
    - xauth: []

If you generate the swagger by Java, apply:

private List<SecurityReference> defaultAuth() {
    return Lists.newArrayList(new SecurityReference("xauth", new AuthorizationScope[0]));
}
Igor Lopatka answered Sep 23 '22 16:09


The answer from @igor-lopatka is correct, but let's try to elaborate on it:

  1. A non-empty AuthorizationScope list can be used only in the case of OAuth authentication, as scopes are entities from the OAuth world
  2. For other authentication schemes, it should be empty

See the example: my application supports two schemes, BasicAuth and OAuth

    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
                // skip irrelevant configuration
                .securitySchemes(Arrays.asList(basicAuth(), oAuth2()))
                .securityContexts(singletonList(securityContext()))
                // skip irrelevant configuration
                .build();
    }

    private BasicAuth basicAuth() {
        return new BasicAuth("basicAuth");
    }

    private OAuth oAuth2() {
        return new OAuth("oAuth2", Arrays.asList(oAuth2AuthorizationScopes()), singletonList(new ResourceOwnerPasswordCredentialsGrant("https://example.com/oauth/token")));
    }

    private AuthorizationScope[] oAuth2AuthorizationScopes() {
        return new AuthorizationScope[]{
               new AuthorizationScope("read", "read access"),
               new AuthorizationScope("write", "write access")
        };
    }

    private SecurityContext securityContext() {
        return SecurityContext.builder()
                .securityReferences(defaultAuth())
                .forPaths(regex("/api/.*"))
                .build();
    }

    private List<SecurityReference> defaultAuth() {
        return Arrays.asList(
                new SecurityReference("basicAuth", new AuthorizationScope[]{}),
                new SecurityReference("oAuth2", oAuth2AuthorizationScopes())
        );
    }
snieguu answered Sep 26 '22 16:09
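
An added example, not part of either answer or of springfox: a small Python check that applies the rule described above (scopes resolve only against an `oauth2` definition's `scopes` map) to a Swagger 2.0 document. The sample spec is constructed from the question's YAML and the second answer's scheme; the `post` operation, the `admin` scope and the function name `unresolved_scopes` are assumptions made for illustration.

```python
import json

# Constructed sample: trimmed version of the question's spec in the JSON form
# that /v2/api-docs returns, plus an oauth2 scheme (assumed) for contrast.
SAMPLE_SPEC = json.loads("""
{
  "swagger": "2.0",
  "paths": {
    "/mycontextroot/blogs": {
      "get": {"security": [{"xauth": ["global"]}]},
      "post": {"security": [{"xauth": []}, {"oAuth2": ["read", "admin"]}]}
    }
  },
  "securityDefinitions": {
    "xauth": {"type": "apiKey", "name": "my-auth-header", "in": "header"},
    "oAuth2": {"type": "oauth2", "flow": "password",
               "tokenUrl": "https://example.com/oauth/token",
               "scopes": {"read": "read access", "write": "write access"}}
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def unresolved_scopes(spec):
    """Return (location, scheme, scope) for every scope that cannot be resolved."""
    definitions = spec.get("securityDefinitions", {})
    requirement_sets = [("(top level)", spec.get("security", []))]
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method in HTTP_METHODS and "security" in op:
                requirement_sets.append((f"{method.upper()} {path}", op["security"]))

    problems = []
    for location, requirements in requirement_sets:
        for requirement in requirements:
            for scheme, scopes in requirement.items():
                definition = definitions.get(scheme)
                if definition is None:
                    problems.append((location, scheme, None))  # undefined scheme
                    continue
                # Only oauth2 definitions declare scopes; for basic/apiKey the
                # allowed set is empty, so any listed scope is unresolvable.
                allowed = definition.get("scopes", {}) if definition.get("type") == "oauth2" else {}
                problems += [(location, scheme, s) for s in scopes if s not in allowed]
    return problems
```

Running `unresolved_scopes` on the parsed `/v2/api-docs` output in a build step reports the `global` scope on the `apiKey` scheme before the document reaches an external editor or client generator.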