docs
docs copied to clipboard
api-platform
Add an example/tutorial for OAuth2 and Swagger
Currently I've added FOSOAuthServerBundle to my application to get OAuth2 support. This is working, but now I can not use the "Try out!"-Button in SwaggerUI, because I am not authenticated.
It would be nice to have an example for OAuth2 with Swagger Login support. If someone tells me the solution, I am willing to write the tutorial.
Great, it would be awesome to have a OAuth tutorial in the docs!
For your problem, you can override the Swagger UI Twig template provided by API Platform (https://github.com/api-platform/core/blob/master/src/Bridge/Symfony/Bundle/Resources/views/SwaggerUi/index.html.twig) by creating a new one in app/ApiPlatformBundle/Resources/views/SwaggerUi/index.html.twig.
Then, you can update the JS like in the Swagger UI: https://github.com/swagger-api/swagger-ui/blob/master/dist/index.html#L56-L66
What would be great, is to add new config options for OAuth credentials in the API Platform bundle and this snippet of JS directly in the JS file provided by the bundle.
The correct path seems to be app/Resources/ApiPlatformBundle/views/SwaggerUi/index.html.twig
Do you know, where to store the authorizationUrl?
I found something about securityDefinitions.
https://github.com/swagger-api/swagger-ui/issues/1384
Directly in the Swagger documentation: http://swagger.io/specification/#securityDefinitionsObject You can decorate the existing Swagger normalizer to add those fields. It would be nice to be able to configure this directly from the bundle configuration too.
Do you have an example for decorating the existing Swagger normalizer? I have absolutely no idea, how to do this.
http://symfony.com/doc/current/service_container/service_decoration.html
Basically something like:
services:
app.swagger_normalizer:
class: AppBundle\Swagger\DocumentationNormalizer
decorates: api_platform.swagger.normalizer.documentation
arguments: ['@app.swagger_normalizer.inner']
public: false
Now, I solved it temporarily by adding the following code to DocumentationNormalizer::computeDoc() at line 627
vendor/api-platform/core/src/Swagger/Serializer/DocumentationNormalizer.php:627
$doc['securityDefinitions'] = [
'oauth' => [
'type' => 'oauth2',
'description' => 'OAuth2 client_credentials Grant',
'flow' => 'application',
'tokenUrl' => '/oauth/v2/token',
'scopes' => []
]
];
$doc['security'] = [
[
'oauth' => []
]
];
I will make it working via config.yml and add an pull request to the project. With the decorator I didn't got it working.
The client_credentials grant type is not the best solution, but swagger ui does not support the password grant type, which would be the best :/
Are we using the current swagger UI version?
The password flow seems to be implemented in Dec 2016. https://github.com/swagger-api/swagger-ui/pull/2397
Merge request for oauth core changes: https://github.com/api-platform/core/pull/982 Merge request for documentation: #182
Thank you very much for all this work! I'm in vacation this week but I'll do a full review ASAP.
The PR with the code changes seem to have been merged, but there are still some comments left on the documentation PR.
@iCodr8, would you be able to pick those up please?
This is my config for the OAuth support in swagger:
api_platform:
oauth:
enabled: true
clientId: 'ENTER_HERE_YOUR_CLIENT_ID'
clientSecret: 'ENTER_HERE_YOUR_CLIENT_SECRET'
type: 'oauth2'
flow: 'password'
tokenUrl: '/oauth/v2/token'
authorizationUrl: '/oauth/v2/auth'
scopes: []
swagger:
api_keys:
apiKey:
name: Authorization
type: header