Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OAuth2 request adds vendorExtension scope to all auth requests #2483

Closed
janslow opened this issue Nov 4, 2016 · 3 comments
Closed

OAuth2 request adds vendorExtension scope to all auth requests #2483

janslow opened this issue Nov 4, 2016 · 3 comments

Comments

@janslow
Copy link

janslow commented Nov 4, 2016

When I try to obtain an OAuth2 token using Swagger UI, it displays a vendorExtensions scope in the list of scopes for that definition. It also then adds it to the list of scopes in the request from the OAuth server (which causes the request to be rejected).

For example, using the following security definition produces this URL, even if only the my-scope scope is selected:

http://nimbus.corefiling.com/oauth/authorize?response_type=token&redirect_uri=X&realm=X&client_id=X…ent_id=nimbus-dev&scope=my-scope%20vendorExtensions&state=X

securityDefinitions:
  oauth2:
    type: oauth2
    flow: implicit
    authorizationUrl: https://my-oauth2-server/oauth/authorize
    scopes:
      my-scope: A Scope

I believe this is related to swagger-api/swagger-js#869, which added a vendorExtensions object to the scopes object.
@a-tal a-tal mentioned this issue Nov 9, 2016
Closed
@frol frol mentioned this issue Nov 13, 2016
Merged
@frol
Copy link

frol commented Nov 13, 2016

I experience the same issue as well! #2397 (comment)

frol referenced this issue in swagger-api/swagger-js Nov 13, 2016
@fehguy
added vendor extensions
2aa589a
@frol
Copy link

frol commented Nov 13, 2016

@fehguy Could you, please, elaborate your vision on this issue as it was your commit to Swagger-Client which triggered this bug?

frol added a commit to frol/swagger-js that referenced this issue Nov 13, 2016
@frol
Fixed unnecessary scopes mutation
1bc499e 
The issue due to the mutated scopes popped up in Swagger-UI: swagger-api/swagger-ui#2483
@frol frol mentioned this issue Nov 13, 2016
Merged
@a-tal
Copy link

a-tal commented Nov 14, 2016

thanks @frol, your patch works for us 👍

fehguy added a commit that referenced this issue Nov 23, 2016
@fehguy
added sanitization of scopes per #2483
47ab2a3
@fehguy fehguy mentioned this issue Nov 23, 2016
Merged
@DominikPf DominikPf mentioned this issue Nov 24, 2016
Closed
@pmlido pmlido mentioned this issue Feb 15, 2017
Closed
kodekracker pushed a commit to 91springboard/swagger-ui that referenced this issue Mar 2, 2017
@fehguy @kodekracker
added sanitization of scopes per swagger-api#2483
8791ba1
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@frol @janslow @a-tal