zmievsa / cadwyn

Production-ready community-driven modern Stripe-like API versioning in FastAPI
https://docs.cadwyn.dev/
MIT License

Cadwyn does not properly handle swagger_ui_init_oauth and swagger_ui_oauth2_redirect_url arguments #175

Closed gabloe closed 1 month ago

gabloe commented 1 month ago

Describe the bug

After migrating my API to Cadwyn my OpenAPI docs UI no longer has the oauth OpenAPI properties mapped to the authorization dialog.

My API uses authorization code grant for protecting all routes. I am passing the below kwargs to Cadwyn. I see that Cadwyn passes these along to FastAPI, but nevertheless my Swagger UI with Cadwyn is missing the pre-filled oauth fields when attempting interactive authorization.

    'swagger_ui_oauth2_redirect_url': settings.oauth.openapi_redirect_url,       # /oauth-redirect
    'swagger_ui_init_oauth': {
        "usePkceWithAuthorizationCodeGrant": True,
        "clientId": settings.oauth.openapi_client_id,                    # Azure client ID for my OpenAPI SPA
        "scopes": settings.oauth.scope_name,                             # Scope name, e.g.: user_impersonation
    },

If I switch back to using FastAPI instead of Cadwyn without changing anything else the issue goes away.

To Reproduce

Steps to reproduce the behavior:

  1. Create a Cadwyn app using authorization code grant flow for oauth
  2. Open /docs
  3. Attempt to authorize
  4. The expected client ID and pre-selected scopes are not set
  5. Even if I fill in the correct client ID and scopes manually, authorization fails because the redirect URI is not properly configured, even though I have passed it to the constructor.

Expected behavior

I expect interactive authorization via the OpenAPI docs endpoint to work.

Additional context

I am using FastAPI-Azure-OAuth for route security: https://intility.github.io/fastapi-azure-auth/

zmievsa commented 1 month ago

Thanks for reporting it! I'll take a look today!

zmievsa commented 1 month ago

@gabloe Please, try the latest version: https://pypi.org/project/cadwyn/3.15.1/

Ping me once you get a chance to test it 🙏

gabloe commented 1 month ago

Thanks @zmievsa! I tried it out, and that fixes the oauth issue, but now for some reason if I pass a lifespan to the constructor my Swagger page no longer loads.

With a lifespan I see only:

[image]

If I don't pass a lifespan, everything works, except my initialization code that I want to run during app startup obviously cannot run.

zmievsa commented 1 month ago

Found the reason for this bug. I'll fix it and add it to my test cases today.

zmievsa commented 1 month ago

@gabloe Fixed it in 3.15.2. Already released.

gabloe commented 1 month ago

Thanks @zmievsa! I will try it out today

gabloe commented 1 month ago

Confirmed that it is working now. Thanks @zmievsa for the quick fixes!
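
A regression check for the behaviour reported in this thread, added here as an example and not part of the issue or of Cadwyn's code: it inspects the HTML served at /docs and reports whether the redirect URL and the `initOAuth` settings reached the page. The sample pages, the client ID and the `check_docs_oauth` helper are constructed, and the page layout is assumed to follow the script FastAPI generates for Swagger UI.

```python
import json
import re

# Constructed sample pages, modelled on the script FastAPI emits for /docs (assumption).
GOOD_DOCS_HTML = """<script>
const ui = SwaggerUIBundle({
    url: '/openapi.json',
    oauth2RedirectUrl: window.location.origin + '/oauth-redirect',
})
ui.initOAuth({"usePkceWithAuthorizationCodeGrant": true, "clientId": "00000000-aaaa-bbbb-cccc-000000000000", "scopes": "user_impersonation"})
</script>"""
BROKEN_DOCS_HTML = """<script>
const ui = SwaggerUIBundle({
    url: '/openapi.json',
})
</script>"""

# The values the application passed to the constructor (placeholder client ID).
EXPECTED_INIT = {
    "usePkceWithAuthorizationCodeGrant": True,
    "clientId": "00000000-aaaa-bbbb-cccc-000000000000",
    "scopes": "user_impersonation",
}
EXPECTED_REDIRECT = "/oauth-redirect"

_INIT_RE = re.compile(r"ui\.initOAuth\((\{.*?\})\)", re.DOTALL)
_REDIRECT_RE = re.compile(r"oauth2RedirectUrl:\s*window\.location\.origin\s*\+\s*'([^']*)'")

def check_docs_oauth(html, expected_init=EXPECTED_INIT, expected_redirect=EXPECTED_REDIRECT):
    """Return a list of problems; an empty list means the OAuth settings are on the page."""
    problems = []
    redirect = _REDIRECT_RE.search(html)
    if redirect is None:
        problems.append("oauth2RedirectUrl missing")
    elif redirect.group(1) != expected_redirect:
        problems.append(f"oauth2RedirectUrl is {redirect.group(1)!r}")
    init = _INIT_RE.search(html)
    if init is None:
        return problems + ["ui.initOAuth() call missing"]
    try:
        actual = json.loads(init.group(1))
    except json.JSONDecodeError:
        return problems + ["ui.initOAuth() argument is not valid JSON"]
    for key, want in expected_init.items():
        if actual.get(key) != want:
            problems.append(f"initOAuth[{key!r}] is {actual.get(key)!r}, expected {want!r}")
    return problems
```

In a test suite, the `html` argument would be the body of a GET request to the application's /docs route, so the check fails if a wrapper stops forwarding either setting.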