scottie1984 / swagger-ui-express

Adds middleware to your express app to serve the Swagger UI bound to your Swagger document. This acts as living documentation for your API hosted from within your app.
MIT License

Oauth2 authentication: InvalidTokenError: Invalid Compact JWS #322

Open sqwkVFR opened 1 year ago

sqwkVFR commented 1 year ago

I need to be able to authenticate and authorize API users against an Auth0 domain. Auth0 is configured using a "single page application" flow, which is already used by a React application to call the same APIs.

I've configured oauth2 as follows (tried authorizationCode, implicit and openIdConnect as described below, with identical results). Can you help me determine what I'm doing wrong?

// modules the snippet relies on (express app, swagger-jsdoc, swagger-ui-express)
const express = require('express')
const swaggerJsDoc = require('swagger-jsdoc')
const swaggerUI = require('swagger-ui-express')

const app = express()

// swagger-jsdoc options: the OpenAPI skeleton plus the route files carrying @openapi comments
const options = {
    definition: {
        openapi: '3.0.0',
        info: {
            title: 'My API',
            version: '2.0.0',
            description: 'Operations API',
        },
        servers: [
            {
                url: 'http://localhost:4000/api/v2',
                description: 'Local development'
            }
        ]
    },
    apis: ['./src/routes/*.js']
}

// swagger-ui-express options; swaggerOptions.oauth is passed to Swagger UI's initOAuth()
const swaggerOptions = {
    explorer: false,
    swaggerOptions: {
        oauth: {
            clientId: '...',
            clientSecret: '...',
            appName: 'v1.0',
            scopeSeparator: ',',
            additionalQueryStringParams: {}
        }
    }
}

const specs = swaggerJsDoc(options)
// the third positional argument belongs to the legacy setup() signature and is ignored when an options object is passed
app.use('/api-docs', swaggerUI.serve, swaggerUI.setup(specs, swaggerOptions, false))

Defined inline with each route, I have:

/**
 * @openapi
 * components:
 *   securitySchemes:
 *     openId:
 *       type: openIdConnect
 *       openIdConnectUrl: https://domain.auth0.com/.well-known/openid-configuration
 */

/**
 * @openapi
 * tags:
 *   name: Aircraft
 *   description: Aircraft registration API
 */

/**
 * @openapi
 * /aircraft/icao/{icao}:
 *   get:
 *     tags: [Aircraft]
 *     parameters:
 *       - in: path
 *         name: icao
 *         schema:
 *           type: string
 *         required: true
 *         description: Aircraft transponder code
 *     responses:
 *       200:
 *         description: Aircraft registration details
 *         content:
 *           application/json:
 *             schema:
 *               type: array
 *               items:
 *                 $ref: '#/components/schemas/Aircraft'
 *     security:
 *      - openId:
 *        - openid
 *        - profile
 *        - email
 */
router.get('/icao/:icao', controller.getByIcao)

I get the "Authorize" dialog, it pre-populates the client id/secret from my configuration, users are redirected to Auth0's login page, and it even obtains an ID token and an access token. However, the token obtained and passed by Swagger to the API turns out to be an incomplete/invalid JWT:

InvalidTokenError: Invalid Compact JWS
    at /project/node_modules/express-oauth2-jwt-bearer/dist/index.js:271:19
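Two things in the report above are worth making concrete for anyone debugging the same setup on the resource-server side. First, everything under `swaggerOptions.oauth` is rendered into the `/api-docs` page, so a `clientSecret` placed there is handed to every visitor; a single-page-application style client should run the authorization-code flow with PKCE and no secret. Second, "Invalid Compact JWS" is the rejection a JWT verifier gives when the bearer value is not a JWS compact serialization at all, i.e. not three dot-separated base64url segments, which is what an opaque (non-JWT) access token looks like. The block below is an added example written for this page; it is not code from swagger-ui-express, from `express-oauth2-jwt-bearer`, or from the issue author. The option names in `buildSwaggerOauthOptions` are Swagger UI's own `initOAuth` keys; the `audience` value, all URLs, client ids and claim values are constructed placeholders, and the sample token is unsigned (nothing here verifies signatures; that stays with the JWT middleware and the issuer's JWKS).

```javascript
// Added example (not from swagger-ui-express, express-oauth2-jwt-bearer or the issue author).
//  1. a Swagger UI "oauth" block that treats the docs page as a public client
//     (no client secret shipped to the browser, PKCE instead);
//  2. a classifier for what actually arrived in the Authorization header, so a
//     non-JWT credential is reported as such before the verifier rejects it.
// Every URL, id and claim value below is a constructed placeholder.

// 1. Swagger UI initOAuth options. These are rendered into the /api-docs page
// and are visible to every visitor, so a public client carries no secret.
// 'audience' is an assumed placeholder for the API the token should be issued for.
function buildSwaggerOauthOptions({ clientId, audience }) {
  return {
    clientId,                                   // public client id only, no clientSecret
    appName: 'v1.0',
    scopeSeparator: ' ',                        // OAuth 2.0 scope lists are space-delimited
    usePkceWithAuthorizationCodeGrant: true,    // PKCE replaces the client secret
    additionalQueryStringParams: { audience },  // request a token for a specific API
  };
}

// base64url-decode one JWS segment and parse it as JSON; null if either step fails
function decodeSegment(seg) {
  if (!/^[A-Za-z0-9_-]+$/.test(seg)) return null;
  try {
    return JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// 2. Classify the bearer credential WITHOUT verifying it. Signature and claim
// checks belong to the JWT middleware; this only says whether the value is a
// compact JWS that such a verifier could process at all.
function inspectBearer(authorizationHeader) {
  const m = /^Bearer\s+(\S+)$/i.exec(authorizationHeader || '');
  if (!m) return { kind: 'missing', reason: 'no Bearer credential in Authorization header' };
  const parts = m[1].split('.');
  if (parts.length !== 3) {
    return { kind: 'not-compact-jws', segments: parts.length,
             reason: `expected 3 dot-separated segments, got ${parts.length} (opaque token?)` };
  }
  const header = decodeSegment(parts[0]);
  const payload = decodeSegment(parts[1]);
  if (!header || !payload) {
    return { kind: 'not-compact-jws', segments: 3, reason: 'header or payload is not base64url-encoded JSON' };
  }
  if (typeof header.alg !== 'string') {
    return { kind: 'not-compact-jws', segments: 3, reason: 'protected header has no alg' };
  }
  return { kind: 'compact-jws', alg: header.alg, iss: payload.iss, aud: payload.aud, exp: payload.exp };
}

// Express-style middleware on top of inspectBearer: answer non-JWT credentials
// with a descriptive 401 instead of a bare verifier exception. Returns true
// when the request was passed on to next().
function requireCompactJws(req, res, next) {
  const result = inspectBearer(req.headers && req.headers.authorization);
  if (result.kind !== 'compact-jws') {
    res.status(401).json({ error: 'invalid_token', detail: result.reason });
    return false;
  }
  req.tokenSummary = result;   // iss/aud/exp as seen, still unverified
  next();
  return true;
}

// Constructed, unsigned sample token for the demo; the third segment is a
// placeholder because nothing in this file checks the signature.
function makeSampleToken(header, payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${enc(header)}.${enc(payload)}.placeholder-signature`;
}

if (typeof require !== 'undefined' && require.main === module) {
  const jwt = makeSampleToken({ alg: 'RS256', typ: 'JWT' },
    { iss: 'https://tenant.example.invalid/', aud: 'https://api.example.invalid', exp: 4102444800 });
  console.log(inspectBearer(`Bearer ${jwt}`));          // kind: 'compact-jws'
  console.log(inspectBearer('Bearer 3f9a1c0e2b7d'));    // kind: 'not-compact-jws', segments: 1
  console.log(buildSwaggerOauthOptions({ clientId: 'public-client-id', audience: 'https://api.example.invalid' }));
}
```

Mount `requireCompactJws` in front of the real JWT middleware on the protected router; the `reason` it returns distinguishes "no token", "opaque token" and "malformed JWT" in the 401 body and in logs, which is the first thing to look at when Swagger UI obtained a token but the API still reports an invalid compact JWS. With Auth0 specifically, an access token minted with no API audience is opaque by design, which is why the example's oauth block requests one; whether that is the cause in this report is something only the token returned to Swagger UI can confirm.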