springfox / springfox-demos

Springfox demo applications
http://springfox.io
Apache License 2.0

Implementing client credentials grant for Spring fox #16

Open ljramones opened 8 years ago

ljramones commented 8 years ago

I have a working spring mvc swagger implementation (the old version prior to spring fox) and I am looking at updating it to spring fox.

I have a working client credentials version using some custom code. Is client credentials grant supported? I saw some talk on the issues page that said it would be in the future (has the future happened yet?).

I want to update my version of this with the new spring fox. Any examples?

dilipkrish commented 8 years ago

@EvilJinious1

> I have a working client credentials version using some custom code.

Custom code swagger-ui or springfox plugin?

> Is client credentials grant supported?

OAuth support in general is very spotty in swagger-ui. I haven't checked, but as far as I know everything that's supported in swagger-ui 2.14 is supported in the latest snapshot build.

> I want to update my version of this with the new spring fox. Any examples?

This is the repo to look for examples! So you're in luck :smile: There is a document that explains the transition from swagger-springmvc to springfox.

ankurdhingra commented 7 years ago

Any examples on client credentials grant type (application flow) using springfox?

ghost commented 6 years ago

@ankurdhingra Here is a minimal example:

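```java
import static java.util.Collections.singletonList;

import java.util.List;

import springfox.documentation.builders.PathSelectors;
import springfox.documentation.service.AuthorizationScope;
import springfox.documentation.service.ClientCredentialsGrant;
import springfox.documentation.service.OAuth;
import springfox.documentation.service.SecurityReference;
import springfox.documentation.spi.DocumentationType;
import springfox.documentation.spi.service.contexts.SecurityContext;
import springfox.documentation.spring.web.plugins.Docket;

// The class name is hypothetical; the original comment showed only the members.
public class SwaggerSecurityConfig {

    // Placeholder value: the regex for the endpoints that require the token
    // was not given in the original comment.
    private static final String API_PATH_REGEX = "/api/.*";

    private final AuthorizationScope authScope =
        new AuthorizationScope("read_write_scope", "Read/Write scope.");

    // Expose the returned Docket as a @Bean in your Spring configuration.
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
            .securitySchemes(securitySchemes())
            .securityContexts(securityContexts());
    }

    /**
     * Generates the Security Definition Object of the Swagger Object
     * http://swagger.io/specification/#securityDefinitionsObject
     *
     *     {
     *         "oauth2_client_credentials": {
     *             "type": "oauth2",
     *             "tokenUrl": "http://host/oauth/token",
     *             "flow": "application",
     *             "scopes": {
     *                 "read_write_scope": "Read/Write scope."
     *             }
     *         }
     *     }
     */
    private List<OAuth> securitySchemes() {
        // "http://host/oauth/token" is the example's placeholder; the client
        // secret is sent to this URL, so use your HTTPS token endpoint.
        return singletonList(new OAuth(
          "oauth2_client_credentials",
          singletonList(authScope),
          singletonList(new ClientCredentialsGrant("http://host/oauth/token"))));
    }

    /**
     * The List<SecurityReference> to put on each Operation Object matching the endpoints defined in the regex.
     * http://swagger.io/specification/#operationObject
     */
    private List<SecurityContext> securityContexts() {
        return singletonList(new SecurityContext(
          securityRequirements(),
          PathSelectors.regex(API_PATH_REGEX)));
    }

    /**
     * Generates a Security Requirement Object.
     * http://swagger.io/specification/#securityRequirementObject
     *
     *     "security": [{
     *         "oauth2_client_credentials": [ "read_write_scope" ]
     *     }]
     */
    private List<SecurityReference> securityRequirements() {
        AuthorizationScope[] authScopes = new AuthorizationScope[1];
        authScopes[0] = authScope;
        return singletonList(new SecurityReference("oauth2_client_credentials", authScopes));
    }
}
```
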
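
A check on the Swagger 2.0 JSON that the configuration above is documented to generate, as an added example that is not part of the original comment or of springfox: it flags an application-flow scheme whose `tokenUrl` is not HTTPS, operations under the API path with no security requirement, and requirements naming undefined scopes. The path `/api/orders`, the regex `/api/.*` and the function name `lint_security` are assumptions.

```python
import json
import re

# Constructed sample: the two JSON fragments from the Javadoc comments above, placed in
# a Swagger 2.0 document with a hypothetical path whose POST operation has no "security".
SAMPLE_DOC = json.loads("""
{
  "swagger": "2.0",
  "securityDefinitions": {
    "oauth2_client_credentials": {
      "type": "oauth2", "flow": "application",
      "tokenUrl": "http://host/oauth/token",
      "scopes": {"read_write_scope": "Read/Write scope."}
    }
  },
  "paths": {
    "/api/orders": {
      "get": {"security": [{"oauth2_client_credentials": ["read_write_scope"]}]},
      "post": {}
    }
  }
}
""")
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def lint_security(doc, api_path_regex):
    """Return sorted findings about the OAuth2 parts of a Swagger 2.0 document."""
    findings = []
    schemes = doc.get("securityDefinitions", {})
    for name, scheme in schemes.items():
        if scheme.get("type") == "oauth2" and scheme.get("flow") == "application":
            # The client secret is posted to tokenUrl, so it must be an https URL.
            if not scheme.get("tokenUrl", "").startswith("https://"):
                findings.append(f"{name}: tokenUrl is not https")
    for path, item in doc.get("paths", {}).items():
        if not re.fullmatch(api_path_regex, path):  # whole-path match, like String.matches
            continue
        for method in HTTP_METHODS & item.keys():
            # An operation-level "security" overrides the document-level one.
            reqs = item[method].get("security", doc.get("security", []))
            if not reqs:
                findings.append(f"{method.upper()} {path}: no security requirement")
            for req in reqs:
                for name, scopes in req.items():
                    defined = schemes.get(name, {}).get("scopes", {})
                    findings += [f"{method.upper()} {path}: {name}/{s} is not defined"
                                 for s in scopes if s not in defined]
    return sorted(findings)
```

Run it against the JSON served by the application's API docs endpoint, passing the same regex that is given to `PathSelectors.regex`.
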
emaysyuk commented 5 years ago

Here is a good example on client credentials grant type ("application" flow): https://stackoverflow.com/questions/42054384/how-to-configure-oauth2-with-password-flow-with-swagger-ui-in-spring-boot-rest-a#answer-46715492