swagger-api / swagger-ui

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
https://swagger.io
Apache License 2.0
26.47k stars 8.96k forks

How to hide client secret in Swagger UI for Auth2 client? #10152

Open skiddow123 opened 2 weeks ago

skiddow123 commented 2 weeks ago

I'm configuring Swagger UI as an OAuth2 client in my Spring application. I see that I'm required to set the client secret using the property: springdoc.swagger-ui.oauth.client_id=secret. However, I want to know if there is a way to hide or protect the client secret in the Swagger UI. Is there a recommended approach to achieve this while still allowing users to authenticate through OAuth2? I already created an issue https://github.com/springdoc/springdoc-openapi/issues/2737 on the springdoc repo and I was directed here.

nedcerneckis commented 1 week ago

Would be nice to have the option to hide this. We use a springdoc generator in Java using OIDC PKCE flow and client secret is useless for us. Only confuses the user.

heldersepu commented 6 days ago

Are you trying to hardcode secrets in the Swagger UI?!? That is a bad idea; the end user should enter that, not have it hardcoded...

https://petstore.swagger.io/
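An added example, not part of the thread and not springdoc or Swagger UI code: a check that flags a springdoc configuration which hands a client secret to Swagger UI or leaves PKCE off. It relies on springdoc's `clientSecret` and `usePkceWithAuthorizationCodeGrant` OAuth properties; the sample config, its values and the function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the issue); values are placeholders.
SAMPLE_PROPERTIES = """\
# OAuth2 settings for the bundled Swagger UI
springdoc.swagger-ui.oauth.client_id=docs-ui
springdoc.swagger-ui.oauth.client-secret=PLACEHOLDER_SECRET
springdoc.swagger-ui.oauth.scopes=openid profile
"""

PREFIX = "springdoc.swagger-ui.oauth."
LINE = re.compile(r"^([^=:\s]+)\s*[=:]\s*(.*)$")


def canonical(key):
    """Fold Spring relaxed-binding spellings (client_id, client-id, clientId)."""
    return re.sub(r"[-_]", "", key).lower()


def parse_properties(text):
    """Parse key=value / key: value lines, skipping blanks and comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        match = LINE.match(line)
        if match:
            props[canonical(match.group(1))] = match.group(2).strip()
    return props


def audit(text):
    """Return findings for OAuth settings that end up in the browser."""
    props = parse_properties(text)
    findings = []
    # Swagger UI runs client-side, so any configured secret is readable
    # by anyone who can load the documentation page.
    if props.get(canonical(PREFIX + "clientSecret"), ""):
        findings.append("client secret is configured for Swagger UI")
    pkce = props.get(canonical(PREFIX + "usePkceWithAuthorizationCodeGrant"), "false")
    if pkce.lower() != "true":
        findings.append("PKCE is not enabled for the authorization code grant")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PROPERTIES):
        print("FINDING:", finding)
```
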