swagger-ui
Automatic token refresh for REST API with OpenID Connect authentication?
Q&A (please complete the following information)
- OS: Linux Mint 20.1
- Browser: Chromium
- Version: 90.0.4430.93
- Method of installation: by Springdoc 1.5.8
- Swagger-UI version: 3.47.1
- Swagger/OpenAPI version: OpenAPI 3.0
Content & configuration
I am developing an application having a REST API that is secured by Spring Security, using Keycloak to provide OpenID Connect functionalities. The OpenAPI specification is generated using Springdoc. AFAIK, the correct way of getting SwaggerUI to authenticate against OpenID Connect is to use OpenID Connect Discovery.
Swagger/OpenAPI definition:
openapi: 3.0.1
info:
  title: NEW API
  description: This document specifies the API of NEW
  version: v0.1-SNAPSHOT
servers:
  - url: 'http://localhost:8080'
    description: Generated server url
security:
  - oidc: []
paths:
  /p/list:
    get:
      tags:
        - plugin-controller
      operationId: getAllOperations
      responses:
        '200':
          description: OK
          content:
            '*/*':
              schema:
                type: array
                items:
                  type: string
        '400':
          description: Bad Request
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'
        '401':
          description: Unauthorized
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'
        '403':
          description: Forbidden
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'
        '500':
          description: Internal Server Error
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'
components:
  schemas:
    JSONResponse:
      type: object
      properties:
        errorData:
          type: string
          description: the raw error data
        token:
          type: string
  securitySchemes:
    oidc:
      type: openIdConnect
      openIdConnectUrl: 'http://localhost:8888/auth/realms/new/.well-known/openid-configuration'
How can we help?
Authorization works well in principle, but the application needs to do a token refresh automatically and regularly. Currently, I can send valid requests to the API until the validity of the token acquired during login has expired. In the SwaggerUI documentation, I did not find how to configure such a thing like token refresh. Is SwaggerUI able to perform an automatic token refresh or is there eventually a possibility that the user can trigger it manually?
We're looking for this as well.
Same problem here using Swagger UI with FastAPI. I can specify a refresh_url in the oauth2_schema, but this doesn't work as expected:
from fastapi.security import OAuth2AuthorizationCodeBearer

# ConfigHandler is the poster's own configuration helper (not shown here).
oauth2_scheme = OAuth2AuthorizationCodeBearer(
    authorizationUrl=ConfigHandler.get_config()["oauth2"]["authorization_server"]["authorization_url"],  # The endpoint to get the authorization token
    tokenUrl=ConfigHandler.get_config()["oauth2"]["authorization_server"]["token_url"],  # The endpoint to get the actual access token
    refreshUrl=ConfigHandler.get_config()["oauth2"]["authorization_server"]["token_url"],
)
We tried specifying refreshUrl, too, but weren't able to get it to work.
Having this would help much in testing our APIs.
afaik, Swagger UI does not currently have token refresh. Happy to accept contributions, especially in this subject of authorization/authentication. 😉
Thinking about this more, one might be able to use requestInterceptors to define custom handling to an auth request.
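One way the interceptor idea from the comment above could look, as an added example that is not code from any participant in this thread or from the Swagger UI project: a `requestInterceptor` that runs a `refresh_token` grant shortly before the access token expires and attaches the token only to requests for the API origin. `makeRefreshingInterceptor`, the `tokens` object, `tokenUrl`, `clientId`, `apiOrigin` and the public-client setup are assumptions; how the refresh token is obtained after login is left to the integrator.

```javascript
// Added example, not Swagger UI's own code. Assumed inputs: tokenUrl, clientId,
// apiOrigin, and a `tokens` object the integrator fills in after login.
function makeRefreshingInterceptor({ tokenUrl, clientId, apiOrigin, tokens,
                                     fetchImpl = fetch, now = Date.now, skewMs = 30000 }) {
  let inFlight = null; // single-flight: concurrent requests share one refresh

  async function refresh() {
    const body = new URLSearchParams({
      grant_type: 'refresh_token',
      refresh_token: tokens.refreshToken,
      client_id: clientId, // assumes a public client: no secret in the browser
    });
    const res = await fetchImpl(tokenUrl, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    });
    // Fail closed: surface the error instead of sending an expired token.
    if (!res.ok) throw new Error('token refresh failed: HTTP ' + res.status);
    const json = await res.json();
    tokens.accessToken = json.access_token;
    // The server may rotate the refresh token; keep the old one otherwise.
    if (json.refresh_token) tokens.refreshToken = json.refresh_token;
    tokens.expiresAt = now() + json.expires_in * 1000;
  }

  return async function requestInterceptor(req) {
    const base = typeof location !== 'undefined' ? location.href : apiOrigin;
    // Only touch calls to the API origin, so the bearer token is not sent to
    // other origins (an identity provider on a separate host, third parties).
    if (new URL(req.url, base).origin !== apiOrigin) return req;
    if (now() >= tokens.expiresAt - skewMs) {
      inFlight = inFlight || refresh().finally(() => { inFlight = null; });
      await inFlight;
    }
    req.headers = { ...req.headers, Authorization: 'Bearer ' + tokens.accessToken };
    return req;
  };
}

// Wiring (values constructed for illustration):
// SwaggerUIBundle({ url: '/v3/api-docs', dom_id: '#swagger-ui',
//   requestInterceptor: makeRefreshingInterceptor({ /* see above */ }) });
```

The authorization server must issue refresh tokens to this client for the grant to succeed; with refresh token rotation enabled, the single-flight guard keeps two parallel requests from spending the same refresh token twice.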
Any progress on this problem? I also need this functionality.
Any progress on this? It will be a great help for developers.
function authorize() {
  // Do nothing until the Authorize button is rendered and a token cookie exists.
  if ($('.btn.authorize').length < 1) return;
  if (!web.getCookie('accessToken')) return;
  // Build the authorization payload for the 'CoreAPI' security scheme.
  let a = {
    CoreAPI: {
      name: 'CoreAPI',
      schema: swg_ui.authSelectors.definitionsToAuthorize().get(0).get('CoreAPI'),
      value: 'Bearer ' + web.getCookie('accessToken')
    }
  };
  swg_ui.authActions.authorize(a);
}
Any progress on this? It will be a great help for developers.
+1
I am also looking for this feature in swagger, is there any progress?
+1
Is there any update on this feature? Do you know anything, @tim-lai?
I'm suffering with you
Wished the fastapi docs could do this