Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Enable OAuth2 Implicit authentication round-trip (#585)
The swagger-ui project contains a 'oauth2-redirect.html' file which provides a credential trampoline. Vendor it in, and place the external url to this file in swagger-ui.html. The OAuth2 authentication loop is run in a popup window/tab. The IDP will redirect back to the oauth2RedirectUrl with an access_token provided in the #hash-fragment of the url. Javascript running inside 'oauth2-redirect.html' pushes the access_token back to the parent which created the window/tab, before closing the tab. Enables use-case in #544 without adding another config param. Usage: ```python app.config.SWAGGER_UI_OAUTH_CLIENT_ID = 'MyClientId' app.config.SWAGGER_UI_OAUTH_REALM = '-' app.config.SWAGGER_UI_OAUTH_APP_NAME = 'Demo' api = Api( app, title='Demo', security={'OAuth2': ['read', 'write']}, authorizations={ 'OAuth2': { 'type': 'oauth2', 'flow': 'implicit', 'authorizationUrl': 'https://idp.example.com/authorize?audience=https://app.example.com', 'clientId': app.config.SWAGGER_UI_OAUTH_CLIENT_ID, 'scopes': { 'openid': 'Get ID token', 'profile': 'Get identity', } } } ) ```
- Loading branch information