Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using oauth2 securityScheme, redirectUrl is set to http://localhost:3200/oauth2-redirect.html #54

Open
mossprescott opened this issue Aug 24, 2018 · 6 comments

Comments

@mossprescott
Copy link

This seems to be part of the default config (see https://github.com/swagger-api/swagger-ui/blob/a86fcf312a0d9b04d99982bf88a3d95884eddb9a/swagger-config.yaml). For this to work, we would need to be able to override that URL to point to a page that's, you know, actually served by our server.

The behavior is similar to what's reported here.

There does not seem to be any way to override this config.

@mossprescott mossprescott changed the title Using ouath2 securityScheme, redirectUrl is set to http://localhost:3200/oauth2-redirect.html Using oauth2 securityScheme, redirectUrl is set to http://localhost:3200/oauth2-redirect.html Aug 24, 2018
@smn-snkl
Copy link

Any update on this?

@zakibenz
Copy link

Is it still an open issue ?

@phadej
Copy link
Contributor

phadej commented Oct 31, 2019

If someone knows what this is about, and have an idea how to fix it, then be my guest.

Simply put, I cannot reproduce this issue, as I don't fully understand what it's about.

@DavidBiesack
Copy link

when registering client applications with some identity providers (such as AWS Cognito; see https://aws.amazon.com/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/ ), the application defines the redirect URI that the identity provider redirects to - the redirect URI is tied to the clientID/secret. It must be passed to the auth server along with the client ID and client secret, and if the redirect URI does not match the one that is registered with the client application, the request fails. Since Swagger UI is not prompting for the redirect URI or passing it to the identity server, OAuth2 authentication fails.

@DavidBiesack
Copy link

Swagger UI configuration can set the redirect URI in index.html options to SwagerUIBundle via https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/configuration.md .

@Sekramo13
Copy link

This is still an issue on the latest version to date. I'm very confused about why this is still an issue, I see constant issue threads about resolving the issue and they have (mostly) all been closed.

The situation, I want to serve swagger UI from https://localhost:3000/api
After cloning the repo I do the following:

`npm run build`
`docker build -t swag:0.0.26 .`
docker run -p 3000:8080 -e BASE_URL=/api swag:0.0.26

My swagger.json contains basically the default pets.json with the following change:

    "securityDefinitions":{
        "petstore_auth":{
            "type":"oauth2",
            "authorizationUrl":"<DNS>/auth/realms/customer-radar/protocol/openid-connect/auth",
            "flow":"implicit"
        }

Additionally in my index.html in dist/:

    window.onload = function() {
      // Begin Swagger UI call region
      console.error("!!!! Starting Up 01\n\n\n\n")
      print("!!!! Starting Up 02\n\n\n\n")
      
      const ui = SwaggerUIBundle({
        url: "<PathtoMyPublicAccessableSwagger.json>",
        oauth2RedirectUrl: "/tester/oauth2-redirect.html",
        dom_id: '#swagger-ui',
        deepLinking: true,
        presets: [
          SwaggerUIBundle.presets.apis,
          SwaggerUIStandalonePreset
        ],
        plugins: [
          SwaggerUIBundle.plugins.DownloadUrl
        ],
        layout: "StandaloneLayout"
      })
      // End Swagger UI call region

      window.ui = ui

      ui.initOAuth({
        clientId: "seldon",
        realm: "customer-radar"
      })

    }

If I then hit https://localhost:3000/api I get redirected to swagger-ui.
If I hit authorize I see my client-id is populated with seldon.
If I hit authorize in the pop-up I get redirected to my Idp, I can enter my name and password and then get redirected back:
http://localhost:3039/oauth2-redirect.html#state=%3D&session_state=&access_token=&token_type=bearer&expires_in=900
This redirect fails and I can see from the network traffic monitoring that swagger is posting the redirect URI as part of the request

What I expected to happen:
In swagger-ui/docker/run.sh:
BASE_URL (which is set as part of docker) should change nginx to server all traffic with the new base url.

What is happening:
The redirect that is requested as part of the post to the the Idp does not go through Nginx thus the path will not be updated.

Temporary solution:
In swagger-ui/src/core/index.js this line:
oauth2RedirectUrl: ${window.location.protocol}//${window.location.host}/oauth2-redirect.html,
just update with the desired path
oauth2RedirectUrl: ${window.location.protocol}//${window.location.host}/api/oauth2-redirect.html,

Now it will redirect to my desired base URL of "API"

Additionally you will notice I did set oauth2RedirectUrl: "/tester/oauth2-redirect.html", in index.html.
As far as I can tell it doesn't change anything.

I'm thinking it's not a file/overwrite issue as the oauthinit in the same file is working.

Just reiterating, there is about ~10 open issues that is dealing with this type of issue, there are also numerous closed issues which I'm assuming means someone tried to fix this? (Or do some issues get closed if they go stale, I'm not sure what the policy here is?)

Anyway I'm hoping the above is informative enough to help everyone else with this issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants