Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UUID needed? #8

Open
wsalembi opened this issue Sep 7, 2023 · 1 comment
Open

UUID needed? #8

wsalembi opened this issue Sep 7, 2023 · 1 comment

Comments

@wsalembi
Copy link

wsalembi commented Sep 7, 2023
edited
Loading

Why do we have UUID in openapi-common?
Why isn't it configured as type: string / format: uuid ?

Is this really needed for standardizing on exclusively lowercase UUID values?
The annoyance is that it generates java.lang.String instead of java.util.UUID unless you configure an import mapper.
@pvdbosch
Copy link
Contributor

I guess we'd have to balance between ease of use, varied support of the format and risk of logic errors.

Support of uuid format varies

format: uuid isn't a standard OpenAPI 3.0 format:

https://spec.openapis.org/oas/v3.0.3#data-types
Formats such as "email", "uuid", and so on, MAY be used even though undefined by this specification.

But support has been added to OpenAPI 3.1 (via newer JSON Schema version), though it makes the whole format validation optional.

At the time when we defined UUID in openapi-common, versions of openapi-generator or swagger-codegen didn't map it to java.util.UUID. The javascript or typescript generators don't have a mapping for it either.
swagger-request-validator does seem to support it.

risk on logic errors

e.g. DB lookup in a varchar column may fail inadvertedly due to casing mismatch, or by java/javascript string comparison (already encountered this in the wild).

https://www.belgif.be/specification/rest/api-guide/#rule-id-design

Each identifier MUST be represented by only one single string value, so that a string equality check can be used to test if two identifiers are identical. This means that capitalization, whitespace or leading zeroes are significant.

ISO/RFC Standard

https://datatracker.ietf.org/doc/html/rfc4122#section-3

The hexadecimal values "a" through "f" are output as
lower case characters and are case insensitive on input.

https://www.iso.org/obp/ui/fr/#iso:std:iso-iec:9834:-8:ed-3:v1:en

6.5.4 Software generating the hexadecimal representation of a UUID shall not use upper case letters. NOTE – It is recommended that the hexadecimal representation used in all human-readable formats be restricted to lower-case letters. Software processing this representation is, however, required to accept both upper and lower case letters as specified in 6.5.2.

For Java, the UUID::toString() javadoc allows both upper- and lowercase so its not fully compliant with the ISO/RFC.

We could add format: uuid to the existing UUID type of openapi-common, combined with the pattern enforcing lowercase, if we could trust UUID implementations to generate lowercase (compliant with ISO, stricter then javadoc UUID).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
openapi-schemas
Status: To do
Milestone
No milestone
Development

No branches or pull requests
2 participants
@wsalembi @pvdbosch