swagger-api / swagger-ui

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
https://swagger.io
Apache License 2.0

Swagger-ui does not send code parameter to token endpoint for OIDC #8065

Closed skion closed 1 year ago

skion commented 2 years ago

Q&A

Content & configuration

Example Swagger/OpenAPI definition:

openapi: 3.0.2
info:
  title: Test API
  version: dev
paths:
  /hello/{name}:
    get:
      summary: Say Hello
      operationId: say_hello_hello__name__get
      parameters:
      - required: true
        schema:
          title: Name
          type: string
        name: name
        in: path
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema: {}
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
      security:
      - OpenIdConnect: []
components:
  schemas:
    HTTPValidationError:
      title: HTTPValidationError
      type: object
      properties:
        detail:
          title: Detail
          type: array
          items:
            $ref: '#/components/schemas/ValidationError'
    ValidationError:
      title: ValidationError
      required:
      - loc
      - msg
      - type
      type: object
      properties:
        loc:
          title: Location
          type: array
          items:
            anyOf:
            - type: string
            - type: integer
        msg:
          title: Message
          type: string
        type:
          title: Error Type
          type: string
  securitySchemes:
    OpenIdConnect:
      type: openIdConnect
      openIdConnectUrl: https://accounts.google.com/.well-known/openid-configuration

Swagger-UI configuration options:

    SwaggerUIBundle({
        url: '/openapi.json',
        "dom_id": "#swagger-ui",
        "layout": "BaseLayout",
        "deepLinking": true,
        "showExtensions": true,
        "showCommonExtensions": true,
        oauth2RedirectUrl: window.location.origin + '/docs/oauth2-redirect',
        presets: [
            SwaggerUIBundle.presets.apis,
            SwaggerUIBundle.SwaggerUIStandalonePreset
        ],
    })

Describe the bug you're encountering

The UI seems to omit passing the authorization code into the token endpoint call, causing the UI to show:

auth error Error: Bad Request, error: invalid_request, description: Missing required parameter: code

To reproduce...

Expected behavior

I would expect the authorization code flow to successfully exchange the code for an access_token and id_token.

Screenshots

Request body to Google's token endpoint is like this:

grant_type=authorization_code&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fdocs%2Foauth2-redirect

which responds with

{
  "error": "invalid_request",
  "error_description": "Missing required parameter: code"
}

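An added example, not part of the original issue or of swagger-ui's own code: a pre-flight check of the token request body shown above against RFC 6749 section 4.1.3, which also masks the client secret and one-time code before the body is logged or pasted into a report. The function name `checkTokenRequest`, its `redirectUriSentAtAuthorize` option and the `SAMPLE_CODE` value are assumptions made for illustration.

```javascript
// Added example: validates an authorization_code token request body
// (RFC 6749 section 4.1.3) and produces a copy that is safe to share.
const SENSITIVE = new Set(["client_secret", "code", "code_verifier", "refresh_token"]);

function checkTokenRequest(body, { redirectUriSentAtAuthorize = true } = {}) {
  const params = new URLSearchParams(body);
  const problems = [];

  if (params.get("grant_type") !== "authorization_code") {
    problems.push("grant_type must be authorization_code");
  }
  // RFC 6749 section 3.2: a parameter sent without a value counts as omitted.
  if (!params.get("code")) {
    problems.push("missing required parameter: code");
  }
  if (redirectUriSentAtAuthorize && !params.get("redirect_uri")) {
    problems.push("missing redirect_uri (required when sent in the authorization request)");
  }
  // RFC 6749 section 3.2: parameters must not be included more than once.
  for (const name of new Set(params.keys())) {
    if (params.getAll(name).length > 1) problems.push(`duplicate parameter: ${name}`);
  }

  // Copy for logs and bug reports: secrets and one-time codes are masked.
  const redacted = new URLSearchParams();
  for (const [name, value] of params) {
    redacted.append(name, SENSITIVE.has(name) ? "REDACTED" : value);
  }
  return { ok: problems.length === 0, problems, redacted: redacted.toString() };
}

// Body from the issue (CLIENT_ID / CLIENT_SECRET are the issue's own placeholders).
const fromIssue =
  "grant_type=authorization_code&client_id=CLIENT_ID&client_secret=CLIENT_SECRET" +
  "&redirect_uri=http%3A%2F%2Flocalhost%3A8000%2Fdocs%2Foauth2-redirect";
// Constructed counterpart with a made-up code value, for comparison.
const withCode = fromIssue + "&code=SAMPLE_CODE";

console.log(checkTokenRequest(fromIssue));
console.log(checkTokenRequest(withCode));
```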

MaxDXDX commented 1 year ago

I have the same problem. @skion, did you solve it?

skion commented 1 year ago

Nope, not yet...

skion commented 1 year ago

@MaxDXDX Actually it does work correctly now with the latest version for me, which appears to be swagger-ui-dist@4.15.5... I'm closing this issue.