search

springdoc / springdoc-openapi

Library for OpenAPI 3 with spring-boot
https://springdoc.org
Apache License 2.0
3.28k stars 495 forks source link

springdoc-openapi-ui :: OAuth::CORS error #1192

Closed tamilsmani closed 3 years ago

tamilsmani commented 3 years ago

I am trying to integrate spring boot with Swagger using springdoc-openapi-ui. I have enabled OAuth security (Client credentials). when I fetch the OAuth token, I am getting the CORS error on the UI (attached the screenshot on the same)

Config details

@Bean public WebMvcConfigurer corsConfigurer() { return new WebMvcConfigurer() { @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("") .allowedOrigins("").allowCredentials(true) .allowedHeaders("") .allowedMethods(""); } }; }

@Bean public OpenAPI oauthOpenAPI(Server server) { LOGGER.info(String.format(SWAGGER_SECURITY_LOG, "oauth2-security")); return openAPI .servers(List.of(server)) .components(new Components() .addSecuritySchemes("Authentication", new SecurityScheme() .type(SecurityScheme.Type.OAUTH2) .description("Oauth2 flow") .flows(new OAuthFlows() .clientCredentials(new OAuthFlow() .authorizationUrl(tokenURL) .refreshUrl(tokenURL) .tokenUrl(tokenURL) .scopes(new Scopes())) ))); }

Spring boot version: 2.3.3.RELEASE org.springdoc:springdoc-openapi-ui:jar:1.5.9

Could u help me in resolve the issue?

tamilsmani commented 3 years ago
Screenshot 2021-06-14 at 20 21 35

Attached the screenshot.

devDinoFukuda commented 3 years ago

Hello @tamilsmani , did you solve your problem? I'm having the same difficulty.

debargharoy commented 3 years ago

Just to be sure that we are all on the same page, is your app registered with the destination app?

devDinoFukuda commented 3 years ago

Hi @debargharoy, I didn't understand the question.

bnasslahsen commented 3 years ago

CORS is related to your configuration. You need to have CORS enabled, on your applications that is blocking the swagger-ui.

kablanfatih commented 1 year ago

You should add swagger configuration

@Configuration
@OpenAPIDefinition(servers = {
    @Server(url = "/", description = "Default Server URL")
})
public class SwaggerConfiguration {

@Bean
public OpenAPI customOpenAPI(@Value("springdoc-openapi-ui") String serviceTitle, @Value("1.6.12") String serviceVersion) {
    final String securitySchemeName = "bearerAuth";
    return new OpenAPI()
            .components(
                    new Components().addSecuritySchemes(
                            securitySchemeName,
                            new SecurityScheme()
                                    .type(SecurityScheme.Type.HTTP)
                                    .scheme("bearer")
                                    .bearerFormat("JWT")
                    )
            )
            .security(List.of(new SecurityRequirement().addList(securitySchemeName)))
            .info(new Info().title(serviceTitle).version(serviceVersion));
}
}
fabrizio-cannizzaro commented 1 year ago

Hello, I have the same problem. I have tried ot remove the Origin header, replicating the request with cURL, and it works. How to is possible to avoid the Origin header apppended?

ujhazib commented 1 year ago

Just to note here, even if I disable CORS in my application, the integrated swagger will throw a CORS error.

mjaksa commented 1 year ago

Same issue by me anyone has a solution?

MetaiR commented 1 year ago

I have the same issue with the latest version of spring boot, java (21) and springdoc

ajmalch commented 9 months ago

Same issue for me as well