OAuth2 flow not completing #1384

@lucian303

I have the following config:

    securityDefinitions:
      oauth2:
        type: oauth2
        flow: accessCode
        description: OAuth2 Security
        tokenUrl: "https://myserver.com/token"
        authorizationUrl: "https://myserver.com/authorize"
        scopes:
          read: Read data.

The URLs are valid. When I click the On/Off switch, I get asked for the scope. I pick the only scope we have and click 'Authorize.' I get redirected to my OAuth login where I log in with valid credentials. I get redirected back to o2c.html with the proper OAuth code. That code calls window.opener.processOAuthCode(qp); then closes the window. Swagger UI then calls the /token endpoint but doesn't provide the client secret. This is where the flow fails.

Which I suppose is to be expected because this block in index.html makes no sense:

            initOAuth({
              clientId: "swagger",
              realm: "your-realms",
              appName: "your-app-name"
            });

The clientId is correct and it's set up correctly to redirect back to o2c.html. I have no idea what realm and appName are supposed to be or how they'd relate to OAuth in this case. I also tried using the implicit OAuth flow but had no luck with that as I don't think our server supports it.

So my questions:

  1. Can I authenticate with OAuth2 and, if so, what needs to be done to make the flow finish properly?
  2. Even when manually adding the appropriate Authorization header in the JS using swaggerUi.api.clientAuthorizations.add("key", new SwaggerClient.ApiKeyAuthorization("Authorization", "Bearer some_hash_here", "header")); the API fails to make the call with this header. It's displayed in the curl call, which works perfectly using curl, so it's not an issue with the API itself but swagger. This is my fallback position for allowing testing of the OAuth2 API if #1 above doesn't work, assuming that swagger-ui can be made to actually send the headers properly.
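
The token request described in the post stops at the client-authentication step of the authorization-code grant (RFC 6749, sections 2.3.1 and 4.1.3). As an added illustration, not code from this issue, from Swagger UI, or from the poster's server, the sketch below shows the checks a token endpoint applies to such a request; the redirect URI, code, secret and token values are constructed placeholders, and `tokenEndpoint`, `clientCredentials` and `safeEqual` are hypothetical names.

```javascript
// Constructed client registry and one issued code; every value is a placeholder.
const REDIRECT = "https://docs.example.test/o2c.html";
const CLIENTS = new Map([["swagger", { secret: "constructed-secret" }]]);
const CODES = new Map([["constructed-code", { clientId: "swagger", redirectUri: REDIRECT }]]);

// Compare without returning early, so timing does not reveal where strings differ.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % Math.max(b.length, 1));
  }
  return diff === 0;
}

// Client credentials arrive via HTTP Basic or as form fields (RFC 6749, section 2.3.1).
function clientCredentials(headers, form) {
  const m = /^Basic (.+)$/i.exec(headers.authorization || "");
  if (!m) return { id: form.get("client_id"), secret: form.get("client_secret") };
  try {
    const [id, ...rest] = atob(m[1]).split(":");
    return { id, secret: rest.join(":") };
  } catch {
    return {}; // malformed base64 is treated as no credentials
  }
}

// Returns the status and JSON fields a token endpoint would send back.
function tokenEndpoint(headers, rawBody) {
  const form = new URLSearchParams(rawBody);
  if (form.get("grant_type") !== "authorization_code") {
    return { status: 400, error: "unsupported_grant_type" };
  }
  const { id, secret } = clientCredentials(headers, form);
  const client = CLIENTS.get(id);
  // A confidential client must authenticate; a request without the secret ends here.
  if (!client || !secret || !safeEqual(secret, client.secret)) {
    return { status: 401, error: "invalid_client" };
  }
  const code = form.get("code");
  const grant = CODES.get(code);
  // The code must belong to this client and to the redirect URI used at /authorize.
  if (!grant || grant.clientId !== id || grant.redirectUri !== form.get("redirect_uri")) {
    return { status: 400, error: "invalid_grant" };
  }
  CODES.delete(code); // authorization codes are single use
  return { status: 200, token_type: "bearer", access_token: "constructed-token" };
}
```

A secret shipped in a page such as index.html is readable by every visitor, so a deployment that wires one into a browser client should treat that client registration as public and scope it accordingly.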
