-
Notifications
You must be signed in to change notification settings - Fork 8.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SwaggerUI OAuth2 clientCredentials authentication #4533
Comments
Hmm, this does seem strange. Do you have a live server I can test this against, @jochenjonc? |
@shockey I don't have a live server available |
What I'm actually trying to do is use Auth0 for authentication in Swagger.
As you can see they use a json body to send all parameters. Is there a way to do this with swagger-ui? |
@jochenjonc Did you ever find a way around this? Looking at the code it looks like the there isn't a simple way to do this without a modification to this class... I'm utilizing Swashbuckle with .Net Core and I can get my data onto the authConfigs object, but it does no good because oauth2-authorize.js doesn't pass that object as the json on the request...
|
@dgwaldo I never got around this and I just use a Bearer Token I generate via the Auth0 website. |
Closing - sounds like this is resolved. I don't know much about Auth0 in particular, but if anyone has observations on how we can support it better in Swagger UI, feel free to open a feature request 😄 |
I did a bit of a hacky work around. http://waldoscode.blogspot.com/2018/07/using-swashbuckle-or-swagger-ui-with.html @shockey, I think all that would be needed is for the json object being posted to allow for an audience to be passed... If I get time I might try and work something up. |
Support for this would be ready nice |
I believe the issue is here: It is missing the ClientId and ClientSecret in the form.
|
@soliveira, per the OAuth spec, client_id and client_secret shouldn't be included in the access token request body: Quoting myself, quoting the spec:
See #4905 (comment) for more context. |
I am still having this issue, its an issue with not being able to pass the audience parameter in the request body that causes the error from auth0 Passing in the querystring doesn't appear to work. Would be nice to have similar functionality as |
@crazyman1979, this is a resolved support ticket - please open a new issue if you're having problems! |
Q&A (please complete the following information)
Content & configuration
Example Swagger/OpenAPI definition:
Swagger-UI configuration options:
None
Describe the bug you're encountering
I configured Swagger to use the oauth2 clientCredentials flow and I get the following screen in Swagger UI for authentication.
But when I fill in the client_id and client_secret and I press Authorize I get an error.
When I look at the the actual POST Swagger UI does I see the following issues.
I think it is a bug, but maybe I'm doing something wrong?
The text was updated successfully, but these errors were encountered: