New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot offer both AuthorizationCode PKCE and Client Credentials #2470
Comments
We have exactly the same problem. 😢 Due to that, we can´t update any more to the latest versions. Please... is it possible to correct this? |
Same issue - seems its fixed in this PR - swagger-api/swagger-ui#8146 |
Better still - it's also fixed for the auth code flow in swagger-api/swagger-ui#8268 |
Happy to upgrade the related swagger-ui bits once the above changes have been released there. Feel free to ping me with a reminder when that happens |
@domaindrivendev It appears to already have been released in 4.15.3. |
Thanks everyone involved, I will check the changes soon and will comment here the status. |
Hi everyone, the latest stable Swashbuckle.AspNetCore version (6.4.0) relies on swagger-ui-dist 4.14.0 which of course doesn't include the fix from 4.15.3. |
We need a new distribution as @sprudel79 mentions. |
There was just a recent update a few days back. I have upgraded my local setup and have tested the issue. |
@sprudel79 it appears i have the opposite problem? I am using PKCE auth and do not want the client_secret field shown. after upgrading to 6.5.0 it now shows. is there a way to force it to be hidden? |
Hi @aherrick, |
@sprudel79 Can you share your configuration? Are you using pkce? |
Here we go @markwalsh-liverpool, I can share a code snippet (which should show the idea) of the Swagger usage with both PKCE and ClientCredentials: public virtual void ConfigureServices(IServiceCollection services)
{
...
_ = services.AddSwaggerGen(options =>
{
...
var flows = new OpenApiOAuthFlows();
flows.AuthorizationCode = new OpenApiOAuthFlow
{
AuthorizationUrl = new Uri(baseUrlIdentityServer + "/connect/authorize"),
TokenUrl = new Uri(baseUrlIdentityServer + "/connect/token"),
Scopes = new Dictionary<string, string>
{
{ "MyAPI", string.Empty },
{ "openid", string.Empty },
{ "email", string.Empty },
{ "profile",string.Empty}
}
};
flows.ClientCredentials = new OpenApiOAuthFlow
{
TokenUrl = new Uri(baseUrlIdentityServer + "/connect/token"),
Scopes = new Dictionary<string, string>
{
{ "MyAPI", string.Empty }
}
};
options.AddSecurityDefinition("IdentityServer", new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "IdentityServer"
},
In = ParameterLocation.Header,
Name = "Bearer",
Scheme = "oauth2",
Type = SecuritySchemeType.OAuth2,
Flows = flows
});
options.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference=new OpenApiReference{Type=ReferenceType.SecurityScheme,Id="IdentityServer"},
Scheme="oauth2",
Name="Bearer",
In=ParameterLocation.Header
},
new List<string>{"openid","email","profile","MyAPI"}
}
});
...
});
...
}
public virtual void Configure(IApplicationBuilder app, IHostApplicationLifetime applicationLifetime)
{
...
_ = app.UseSwagger(o =>
{
});
if (ServiceOptions.Swagger.UseSwaggerUI)
{
var apiVersionDescriptionProvider = app.ApplicationServices.GetRequiredService<IApiVersionDescriptionProvider>();
_ = app.UseSwaggerUI(options =>
{
options.OAuthUsePkce();
foreach (var description in apiVersionDescriptionProvider.ApiVersionDescriptions)
{
options.SwaggerEndpoint($"{baseUrlMyAPI}/swagger/{description.GroupName}/swagger.json", description.GroupName.ToUpperInvariant());
}
});
}
...
} |
Hi everyone,
I am using latest Swashbuckle version 6.4.0. For my service which is using IdentityServer as IDP I would like to offer both authorization code with PKCE based authentication as well as client credentials in Swagger.
I should say that both auth options work perfectly when I enable them individually.
As I am aware to make PKCE working I need to call this here:
Now I would like to offer client credentials authorization as well, but when the call to OAuthUsePkce is there, the "client_secret" field which is required for client credentials disappears:
How can I bring back the client_secret field without having to disable PKCE?
Thanks in advance.
The text was updated successfully, but these errors were encountered: