Is Implicit Flow supported in the swagger?

[chantinghin0203]

I see there is OAuth2PasswordRequestForm but I dun see an example which allows me to set client Id/redirect url/scope for this kind of OAuth2 authentication flow

[hampsterx]

https://swagger.io/docs/specification/authentication/openid-connect-discovery/

OIDC is currently not supported in Swagger Editor and Swagger UI. Please follow this issue for updates.

swagger-api/swagger-ui#3517

Seems work in progress~

[tiangolo]

I have to check directly with Swagger UI how it would work with several providers, but I guess @hampsterx already found some info about it.

[nikitamendelbaum]

@chantinghin0203 @hampsterx the "work in progress" is for the OIDC (OpenID Connect) discovery implementation in swagger-ui (see the issue 3517 mentioned by hampsterx)
However, the initial question was if the OAuth2 implicit flow is supported in swagger-ui. The question has nothing to do with OIDC and the answer to it is YES.
Implicit flow does work in Swagger-ui v3.0.5 using the OpenAPI 3.0 template and Keycloak as the OAuth2 provider.
This is what I have in the template (based on the documentation https://swagger.io/docs/specification/authentication/oauth2/):

components:
  ...
   securitySchemes:
    my_auth_whatever:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: https://MY-KEYCLOAK-HOST/auth/realms/MY-REALM-ID/protocol/openid-connect/auth
          scopes: {}
  ...
security:
  - my_auth_whatever: []

Make sure the implicit flow is enabled in OAuth provider (keycloak in my case) settings for the client that you use.
authorizationUrl can be obtained from the OIDC discovery JSON and is a part of the plain OAuth2 spec.
The ?client_id=YOUR-CLIENT-ID can be added to authorizationUrl to overwrite what user specifies in the client id field in modal.
When running swagger-ui in docker - the OAUTH_CLIENT_ID env var may be provided to container to set the default value in the modal.

Not sure what would be the syntax for the the spec written with OpenAPI 2.0 and haven't tested it. But you may refer to https://swagger.io/docs/specification/2-0/authentication/ or convert your 2.0 spec into 3.0 using the online converter.

[tiangolo]

Yep, I think @nikitamendelbaum is right.

[github-actions[bot]]

Assuming the original issue was solved, it will be automatically closed now. But feel free to add more comments or create new issues.