I am not really happy with how the Swagger UI currently works. It should be more straightforward to use and not need additional config to expose it (securely).
The options to only show it to Rauthy admins are very limited without doing additional checks in middlewares. I added a working check, but this fails when someone changes the cookie to a non-host one with a path restriction.
I kept the code snippet as a TODO and am thinking about a nicer solution for this problem.
Apart from this, the Try Out function has been limited to GET only to avoid confusion about why it does not work for other actions. I also added a link to the Rauthy book in the description.