oauth2-redirect.html missing
Q&A (please complete the following information)
- OS: macOS Mojave 10.14.3
- Browser: Chrome
- Version: 72.0.3626.121
- Method of installation: docker
- Swagger-Editor version: 3.6.26
- Swagger/OpenAPI version: OpenAPI 3.0
Content & configuration
Example Swagger/OpenAPI definition:
openapi: 3.0.1
info:
  version: 1.0.0
  title: 'JSON:API courses'
  description: >-
    A sample API that uses courses as an example to demonstrate representing
    [JSON:API 1.0](http://jsonapi.org/format) in the OpenAPI 3.0 specification.
    This was created by downloading and then editing http://jsonapi.org/schema.
    The resources are from a Columbia University training example using Django
    REST Framework JSON API (DJA).
  contact:
    name: Alan Crosswell
    email: [email protected]
    url: 'http://www.columbia.edu/~alan'
  license:
    name: Apache 2.0
    url: 'https://www.apache.org/licenses/LICENSE-2.0.html'
servers:
  - url: 'http://localhost:9123/v1'
paths:
  /courses/:
    get:
      description: Returns a collection of courses
      operationId: find courses
      security:
        - oauth-dev: [auth-columbia read]
      parameters:
        - name: sort
          in: query
          description: fields to sort by
          required: false
          style: form
          schema:
            type: string
        - name: 'fields[courses]'
          in: query
          description: 'Sparse Fieldsets: return only the specified course fields'
          required: false
          style: form
          schema:
            type: string
      responses:
        '200':
          description: course response
          content:
            application/vnd.api+json:
              schema:
                $ref: '#/components/schemas/CourseCollection'
# ...
components:
  securitySchemes:
    oauth-dev:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: https://oauth-dev.cuit.columbia.edu:8443/as/authorization.oauth2
          tokenUrl: https://oauth-dev.cuit.columbia.edu:8443/as/token.oauth2
          scopes:
            "auth-columbia": Columbia UNI login
            create: create
            read: read
            update: update
            delete: delete
            openid: disclose your identity
            profile: your user profile
            email: your email address
            https://api.columbia.edu/scope/group: groups you are a member of
            "demo-netphone-admin": Administrative access to netphone resources
# ...
Swagger-Editor configuration options:
SwaggerEditor({
// your config options here
})
?yourQueryStringConfig
Describe the bug you're encountering
In swagger-editor, clicking Authorize and entering appropriate client credentials and scopes in the oauth-dev (OAuth2, authorizationCode) popup results in a successful OAuth2 Authorization Code flow up until the redirect back to the redirect_uri. This fails with a 404 because /oauth2-redirect.html is missing.
To reproduce...
Steps to reproduce the behavior:
- Click Authorize, which opens the authorization popup.
- Fill in client_id, client_secret and check desired scopes.
- Click Authorize inside the authorization popup.
- Fill in redirected OAuth2 AS-specific fields (e.g. user/password, scope approval)
- Get nginx 404 Not Found error page with this URL:
  http://127.0.0.1/oauth2-redirect.html?code=redacted&state=redacted
Expected behavior
/oauth2-redirect.html exists and the authorization code flow succeeds.
Additional context or thoughts
Fix this by simply copying oauth2-redirect.html (from swagger-ui) to /usr/share/nginx/html/
swagger-editor$ docker exec -it heuristic_mirzakhani sh
/ # cd /usr/share/nginx/html/
/usr/share/nginx/html # # I had a copy already salted away ...
/usr/share/nginx/html # mv oauth2-redirect.htmlx oauth2-redirect.html
/usr/share/nginx/html # exit
swagger-editor$ docker restart heuristic_mirzakhani
heuristic_mirzakhani
I searched the swagger-editor repo for the file but it was not there and is not referenced in swagger-editor-dist-package/deploy.sh.
I'm not sure if this is a swagger-editor issue or swagger-ui issue. It seems to be present in the dist....
Hi,
I don't think the issue is about the 404 itself.
It is an issue with the fact that the tool does not keep the path.
In your case it would be /v1/oauth2-redirect.html
I am not sure how to fix this issue yet. If you have any idea. I guess we could make a PR once we figure out how to keep the path when it redirects.
Cheers,
You can find the file in https://github.com/swagger-api/swagger-ui/blob/master/dist/oauth2-redirect.html and it appears in the dist folder of a swagger-ui cloned repository.
Swagger UI configuration can set the redirect URI in index.html options to SwaggerUIBundle via https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/configuration.md if the path is not at the root. I think the OP needs to configure this to SwaggerUIBundle({oauth2RedirectUrl : "http://127.0.0.1/oauth2-redirect.html", ...})
I don't think the redirect URI needs the v1/ prefix, since the redirect URI is not associated with the API service that is described by the OpenAPI definition at url: 'http://localhost:9123/v1'. Instead, the redirect URI is associated with the client application authorization -- different clients which auth against the service (for example, different Swagger UI clients, or others) will have different redirect URIs.
Is the issue that the file is missing from the editor? I've been trying to connect the preview in the editor with an OAuth and everything works until the provider (keycloak in my case) tries the redirect URL, which doesn't exist.
It seems like there is a disjoint between the UI source code, which has the oauth2-redirect.html and the editor (this repo) which is missing this file.
A workaround seems to be to edit the YAML with the editor and then use the UI to render, which will have the correct redirect URL.
Just encountered this using Swagger vNext in a container. Had to terminal into the container and
wget -O /usr/share/nginx/html/oauth2-redirect.html https://github.com/swagger-api/swagger-ui/raw/refs/heads/master/dist/oauth2-redirect.html
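A pinned-digest variant of the copy and wget workarounds in this thread, as an added example (not code from the thread or from the Swagger projects): the page served at the redirect URI receives the authorization code in its query string, so the file is checked against a known SHA-256 before it goes into the nginx web root. The function names, the temporary file name and the `<COMMIT>` / `<EXPECTED_SHA256>` placeholders are assumptions.

```shell
#!/bin/sh
# Added example: install oauth2-redirect.html only if it matches a pinned digest.
# Typical use inside the container (placeholders are not real values):
#   wget -O /tmp/oauth2-redirect.html \
#     https://raw.githubusercontent.com/swagger-api/swagger-ui/<COMMIT>/dist/oauth2-redirect.html
#   install_redirect_page /tmp/oauth2-redirect.html <EXPECTED_SHA256> /usr/share/nginx/html

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# install_redirect_page SRC EXPECTED_SHA256 WEBROOT
# Returns 0 on success, 1 if SRC is missing, 2 on digest mismatch,
# 3 if the file could not be written into WEBROOT.
install_redirect_page() {
    src=$1
    expected=$2
    webroot=$3

    [ -f "$src" ] || return 1

    actual=$(sha256_of "$src")
    if [ "$actual" != "$expected" ]; then
        echo "oauth2-redirect.html digest mismatch: got $actual" >&2
        return 2
    fi

    # Write under a temporary name in the same directory, then rename,
    # so nginx never serves a partially written file.
    tmp="$webroot/.oauth2-redirect.html.$$"
    if cp "$src" "$tmp" && chmod 0644 "$tmp" &&
       mv "$tmp" "$webroot/oauth2-redirect.html"; then
        return 0
    fi
    rm -f "$tmp"
    return 3
}
```

Changes made with `docker exec` live only in that container's writable layer, so the same check has to be repeated (or baked into a derived image) whenever the container is recreated.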
This issue is also present in the now developed editor-next: https://editor-next.swagger.io/oauth2-redirect.html returns 404
It is not possible to set up OAuth2 security scheme in the editor right now.
We’ve released Swagger Editor v5! 🎉 Check out the details here: Inside the New Swagger Editor. We’re closing old issues related to previous versions. If you think any of them are still relevant, please open a new issue – this helps us prioritize what matters most. Thanks for your activity! 🚀