
[BUG] Authentication not working with oauth2

Open thomasuebi opened this issue 3 years ago • 3 comments

Describe the bug: Authentication not working with oauth2.

To Reproduce: Trying to implement oauth2 according to swagger documentation.

security: {
  BearerAuth: {
    type: "oauth2",
    scheme: "bearer",
  },
}

Does not work unfortunately. Also, I can not add scope and token URL information.

Expected behavior: I want to be able to add OAuth2 authentication method to swagger config, including scope and token URL information.

thomasuebi, Jul 14 '21 14:07

Hi @thomasuebi,

Thanks for reporting. I'm sure it is not working so we will work on this asap. 👍

kevinccbsg, Jul 19 '21 23:07

Hi,

I uploaded a workaround for this in this PR https://github.com/BRIKEV/express-jsdoc-swagger/pull/183. In that PR I'm using the merge option this library has.

It does not solve the issue but at least provides a solution.

Actually, we are dealing with how to solve this: how should we ask the developer to complete the OAuth2 info?

For example:

{
  "components": {
    "securitySchemes": {
      "oAuthSample": {
        "type": "oauth2",
        "description": "This API uses OAuth 2 with the implicit grant flow. [More info](https://api.example.com/docs/auth)",
        "flows": {
          "implicit": {
            "authorizationUrl": "https://api.example.com/oauth2/authorize",
            "scopes": {
              "read_pets": "read your pets",
              "write_pets": "modify pets in your account"
            }
          }
        }
      }
    }
  }
}

Adding this in a JSDoc comment, I am not sure about that 🤔. Also, we have to control which scopes we add for each endpoint. I guess that one is easier to solve; we could do something like this:

@security oauth: scope1, scope2

We will continue working on this, and we'll be glad to hear suggestions for this feature.

kevinccbsg, Sep 01 '21 22:09
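
The OpenAPI 3 rules behind this thread, as an added example that is not part of the original comments or the project's code: an `oauth2` scheme must carry `flows` (each with its required URLs and a `scopes` map), while `scheme: "bearer"` belongs to `type: "http"`. The function names are hypothetical, the sample objects are constructed from the snippets above, and the https check is a hardening assumption of this example.

```javascript
// Added example: validate an OpenAPI 3 oauth2 security scheme object.
// Function names are hypothetical; sample objects are constructed from the thread.
const REQUIRED_URLS = {
  implicit: ["authorizationUrl"],
  password: ["tokenUrl"],
  clientCredentials: ["tokenUrl"],
  authorizationCode: ["authorizationUrl", "tokenUrl"],
};

function validateOAuth2Scheme(name, scheme) {
  if (scheme.type !== "oauth2") return [`${name}: type is not "oauth2"`];
  const errors = [];
  // "scheme" and "bearerFormat" belong to type "http", not "oauth2".
  if ("scheme" in scheme) errors.push(`${name}: "scheme" only applies to type "http"`);
  const flows = Object.entries(scheme.flows || {});
  if (flows.length === 0) errors.push(`${name}: "flows" is required for oauth2`);
  for (const [flowName, flow] of flows) {
    const required = REQUIRED_URLS[flowName];
    if (!required) { errors.push(`${name}: unknown flow "${flowName}"`); continue; }
    // The https test is a hardening check added by this example (OAuth2 endpoints need TLS).
    for (const key of required) {
      if (typeof flow[key] !== "string") errors.push(`${name}.${flowName}: missing ${key}`);
      else if (!flow[key].startsWith("https://")) errors.push(`${name}.${flowName}: ${key} is not https`);
    }
    if (typeof flow.scopes !== "object" || flow.scopes === null) errors.push(`${name}.${flowName}: missing scopes`);
  }
  return errors;
}

// Scopes an endpoint requests (e.g. "@security oauth: scope1, scope2") that no flow declares.
function undeclaredScopes(scheme, requested) {
  const declared = new Set(
    Object.values(scheme.flows || {}).flatMap((flow) => Object.keys(flow.scopes || {}))
  );
  return requested.filter((scope) => !declared.has(scope));
}

const fromIssue = { type: "oauth2", scheme: "bearer" }; // config reported in the issue
const oAuthSample = { // sample from the maintainer's comment, description omitted
  type: "oauth2",
  flows: { implicit: {
    authorizationUrl: "https://api.example.com/oauth2/authorize",
    scopes: { read_pets: "read your pets", write_pets: "modify pets in your account" },
  } },
};

console.log(validateOAuth2Scheme("BearerAuth", fromIssue));
console.log(validateOAuth2Scheme("oAuthSample", oAuthSample));
console.log(undeclaredScopes(oAuthSample, ["read_pets", "delete_pets"]));
```

Running a check like this on the object before it is merged into the generated spec catches a scheme that Swagger UI cannot authorize against, and catches endpoint scopes that were never declared.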

I'm working on an API that uses OpenID and would be happy to try testing the fix when it's available. Note that there's an additional bug in swagger-ui that I ran into: https://github.com/swagger-api/swagger-ui/issues/8315

bqp-articulate, Feb 08 '24 16:02