Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support "x-tokenName" as in swagger-ui 2 for choosing another OAuth2.0 token field #4084

Open
thjaeckle opened this issue Jan 9, 2018 · 7 comments

Comments

Projects
None yet
8 participants
@thjaeckle
Copy link

commented Jan 9, 2018

Q A
Bug or feature request? Feature request
Which Swagger/OpenAPI version? OpenAPI 2.0
Which Swagger-UI version? Swagger 3.9.0
How did you install Swagger-UI? Official Docker image
Which browser & version? Latest Chrome
Which operating system? Win

Swagger-UI 2 supported reading a "x-tokenName" property from a "oauth2" entry in "securityDefinitions", see also PR #2587
That was used in order to select another JSON field (other to "access_token") in the token response from a OAuth2.0 server.

For example Google OAuth2.0 sends back a token in form:

{
 "access_token": "....",
 "token_type": "Bearer",
 "expires_in": 3599,
 "id_token": "...."
}

Swagger-UI 3.9.0 can only send the "access_token" to the backend for "try out".
In Swagger-UI 2 one could choose to use the "id_token" instead.

Demonstration API definition

securityDefinitions:
  Google:
    type: oauth2
    description: Use "OAuth2.0" with your Google-ID.
    authorizationUrl: https://accounts.google.com/o/oauth2/v2/auth
    tokenUrl: https://www.googleapis.com/oauth2/v4/token
    x-tokenName: id_token
    flow: accessCode
    scopes:
      openid: Access your Google-ID

Expected Behavior

The previously supported x-tokenName can be used in order to select another field from the token JSON as bearer token.

Current Behavior

The x-tokenName is ignored.

Possible Solution

Context

Trying to use the "id_token" instead of the "access_token" so that the backend does not need to retrieve the "id_token" again with the "access_token".

@thjaeckle thjaeckle changed the title Support "x-tokenName" as in swagger-ui 2 for custom OAuth2.0 token to choose Support "x-tokenName" as in swagger-ui 2 for choosing another OAuth2.0 token field Jan 9, 2018

@RehanSaeed

This comment has been minimized.

Copy link

commented Feb 23, 2018

Any workarounds?

@ngraef

This comment has been minimized.

Copy link

commented Mar 21, 2018

From what I can tell, this behavior is now controlled by the swagger-js library.

@saberone

This comment has been minimized.

Copy link

commented May 28, 2018

@ngraef & @RehanSaeed Did you happen to apply the x-tokenName support? I backed some local nuget packages based on the proposed fix/PR from @ngraef But I haven't found a way to configure the tokenname from the serverside. Because of the strong typing, I cannot easily add a "x-tokenName" property to the OAuth2Scheme.

The only thing I want is Azure AD support using oauth.

@shockey

This comment has been minimized.

Copy link
Member

commented Sep 7, 2018

Fixed by swagger-api/swagger-js#1278.

@shockey shockey closed this Sep 7, 2018

@richardsinelle

This comment has been minimized.

Copy link

commented Dec 17, 2018

For information, the fix is not working for an openapi 3 swagger file.

@shockey

This comment has been minimized.

Copy link
Member

commented Jan 15, 2019

Reopening per @richardsinelle's note re: lack of OpenAPI 3.0 support.

@shockey shockey reopened this Jan 15, 2019

@mlapaglia

This comment has been minimized.

Copy link

commented Apr 16, 2019

Can I help with this? Would like to see this added into 3 as well :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.