I'm trying to get swagger to authorize my "Client Credentials Flow"/application flow using the Swagger UI. I have a C# RESTful WebApi Service that I can test without issue via SoapUI. I capture the token request and response in Fiddler and see the token in the response. I do the same thing from the Swagger UI and also see the token in the response that was captured by Fiddler.
The Swagger UI then refreshes and I see another request to /swagger/docs/v1 captured in Fiddler. Using Chrome's developer tools I can trace the request to the Ajax request. Once there, I step over the Ajax request but set a breakpoint on the onOAuthComplete function in the swagger-oauth-js file. The first thing it does is check for the token, which is not set. I'm also not seeing a response in the Chrome developer tools for the token request; I can see the response/token in Fiddler, but not in the Chrome developer tools. (Same behavior in IE 10.)
Any idea why the Response/token is being lost?
swagger-ui version 2.2.4 via Swashbuckle version 5.4.0
a swagger file reproducing the issue, wish I knew.
OK, just as I was about to move on to something else I noticed a little red circle with an x in it in the Chrome Developer tools. Clicking on that brought me to this error message:
XMLHttpRequest cannot load http://security.RogueOne.com/core/connect/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:62561' is therefore not allowed access.
A little research into this shows that since security.RogueOne.com does not match localhost:62561, the response cannot be parsed. The response showed a content-length of 915, so I couldn't figure out why the "Response" tab in the Chrome Developer tools didn't show anything. Firefox had this message: "SyntaxError: JSON.Parse: unexpected end of data at line 1 column 1 of the JSON data". Still not very helpful.
So the server needs to send a header of "Access-Control-Allow-Origin:http://localhost:62561" but isn't. I'm using IdentityServer3, so I modified my client by adding this:
```csharp
new Client
{
    ClientName = "SwaggerUI",
    Enabled = true,
    ClientId = "swaggerUI",
    ClientSecrets = new List<Secret>
    {
        new Secret("BigSecretWooH00".Sha256())
    },
    Flow = Flows.ClientCredentials,
    AllowClientCredentialsOnly = true,
    AllowedScopes = new List<string> { "Read" },
    Claims = new List<Claim>
    {
        new Claim("client_type", "headless"),
        new Claim("client_owner", "Portal"),
        new Claim("app_detail", "allow")
    },
    PrefixClientClaims = false,
    // Inserted lines below
    AllowedCorsOrigins = new List<string>
    {
        "http://localhost:62561/",
        "http://waportaldev.RogueOne.com",
        "https://waportaldev.RogueOne.com"
    }
}
```
Subsequent tests have Swagger UI front end processing a token and everything is working!
jborn changed the title from "OAuth2 application flow losing token after authorization request has been sent" to "OAuth2 application flow losing token after authorization request has been sent with IdentityServer3" on Sep 29, 2016
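The failure and the fix described in this thread, as an added example that is not part of the original posts and is not Swagger UI or IdentityServer3 code: a small model of the check a browser applies before letting script read a cross-origin token response, run over constructed headers. The helper names `toOrigin`, `allowOriginHeaderFor` and `corsReadAllowed` are hypothetical; the page origin is the one from the error message above.

```javascript
// Added example. Models the browser's CORS check (Fetch standard) for a
// cross-origin XHR such as Swagger UI calling a token endpoint.
const PAGE_ORIGIN = "http://localhost:62561"; // origin from the error message

// Reduce a configured URL to its origin (scheme://host[:port]).
// Paths and trailing slashes are dropped; the host is lowercased.
function toOrigin(url) {
  return new URL(url).origin;
}

// Server side (hypothetical helper): echo the request's Origin back only
// when it is on an explicit allow list, instead of answering with "*".
function allowOriginHeaderFor(requestOrigin, allowList) {
  const allowed = new Set(allowList.map(toOrigin));
  return allowed.has(requestOrigin)
    ? { "access-control-allow-origin": requestOrigin }
    : {};
}

// Browser side: may script running on pageOrigin read this response?
// The header value is compared to the origin as an exact string.
function corsReadAllowed(pageOrigin, headers, withCredentials = false) {
  const acao = headers["access-control-allow-origin"];
  if (acao === undefined)
    return { allowed: false, reason: "no Access-Control-Allow-Origin header" };
  if (acao === "*" && !withCredentials)
    return { allowed: true, reason: "wildcard, no credentials" };
  if (acao !== pageOrigin)
    return { allowed: false, reason: `'${acao}' is not '${pageOrigin}'` };
  if (withCredentials && headers["access-control-allow-credentials"] !== "true")
    return { allowed: false, reason: "credentials not allowed" };
  return { allowed: true, reason: "origin matches" };
}

// Constructed allow list and response headers.
const allowList = ["http://localhost:62561/", "https://waportaldev.RogueOne.com"];
const cases = {
  beforeFix: {}, // token is on the wire, but script cannot read it
  afterFix: allowOriginHeaderFor(PAGE_ORIGIN, allowList),
  rawTrailingSlash: { "access-control-allow-origin": "http://localhost:62561/" },
  unlistedOrigin: allowOriginHeaderFor("http://unlisted.example", allowList),
};
for (const [name, headers] of Object.entries(cases)) {
  console.log(name, corsReadAllowed(PAGE_ORIGIN, headers));
}
```

The `beforeFix` case is why a proxy such as Fiddler shows the token while the browser's developer tools show an empty response: the response arrives, but the browser withholds it from the page's script.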