RapiDoc
Relative url for the security schemes
I am trying to use RapiDoc in a new project and see some strange behavior when working with relative URLs.
Consider this OpenAPI spec:
```yaml
servers:
  - url: https://api.example.com/v2
components:
  securitySchemes:
    openId:
      type: openIdConnect
      openIdConnectUrl: /.well-known/openid-configuration
```
According to https://swagger.io/docs/specification/authentication/openid-connect-discovery section "Relative Discovery URL".
Relative URLs are resolved according to RFC 3986. In the example above, it will be resolved to https://api.example.com/.well-known/openid-configuration.
Swagger-ui in the authorization section uses this rule.
RapiDoc takes the full server URL and resolves openIdConnectUrl as https://api.example.com/v2/.well-known/openid-configuration.
Is this intended behavior or a bug?
Thank you for testing it out. We haven't yet tested OpenID security schemes that well. Is this the only issue you are facing? Otherwise, please list all the others. I will use this ticket to create our tasks to provide better support for the OpenID security scheme.
I also see this issue with "Authorization Code flow".
```yaml
components:
  securitySchemes:
    oauth2:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: ...
          tokenUrl: ...
          refreshUrl: ...
```
Probably there is a generic algorithm for building a URL for a security schema, and it has an error.
@buhtr - does the OpenID Connect even render something for you?
I am using a full url as my OpenID Connect server is somewhere else - but it just shows the following for me:

I've also seen this issue with clientCredentials flow as well.
serverUrl="http://localhost:8080/api/v1" causes my tokenUrl to render as "http://localhost:8080/api/v1/token" instead of "http://localhost:8080/token".
From https://swagger.io/docs/specification/authentication/oauth2/

My PR fixes this issue so RapiDoc is compliant with the spec.
Showing the fix works.
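
The resolution rule discussed in this thread, as an added example (not RapiDoc's code and not the code from the PR): each security-scheme URL is resolved against the server URL with the standard `URL` constructor, next to a naive join that reproduces the reported results. The function names, the sample spec and the `/token` value are assumptions, and the server URL is assumed to be absolute.

```javascript
// Added example: RFC 3986 reference resolution for OpenAPI security-scheme
// URLs, compared with appending the value to the full server URL.

// Naive join (the behaviour reported above): server URL + relative value.
function naiveJoin(serverUrl, ref) {
  if (/^[a-z][a-z0-9+.-]*:/i.test(ref)) return ref; // already absolute
  return serverUrl.replace(/\/+$/, '') + '/' + ref.replace(/^\/+/, '');
}

// Reference resolution with the server URL as the base URL.
// A leading "/" replaces the whole base path; no leading "/" replaces
// only the last path segment; an absolute URL is returned unchanged.
function resolveSchemeUrl(serverUrl, ref) {
  return new URL(ref, serverUrl).href;
}

// Resolve every URL-valued field found in a securitySchemes object.
function resolveSecuritySchemes(serverUrl, schemes) {
  const out = {};
  for (const [name, scheme] of Object.entries(schemes)) {
    if (scheme.type === 'openIdConnect') {
      out[`${name}.openIdConnectUrl`] =
        resolveSchemeUrl(serverUrl, scheme.openIdConnectUrl);
    } else if (scheme.type === 'oauth2') {
      for (const [flow, cfg] of Object.entries(scheme.flows || {})) {
        for (const key of ['authorizationUrl', 'tokenUrl', 'refreshUrl']) {
          if (cfg[key]) {
            out[`${name}.${flow}.${key}`] = resolveSchemeUrl(serverUrl, cfg[key]);
          }
        }
      }
    }
  }
  return out;
}

// Constructed sample, modelled on the spec fragments in this thread.
const sampleSchemes = {
  openId: { type: 'openIdConnect', openIdConnectUrl: '/.well-known/openid-configuration' },
  oauth2: { type: 'oauth2', flows: { clientCredentials: { tokenUrl: '/token' } } },
};
console.log(resolveSecuritySchemes('https://api.example.com/v2', sampleSchemes));
```

Comparing `naiveJoin` and `resolveSchemeUrl` for the same inputs shows where the login or token request would actually be sent in each case.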
