Client credential flow and multiple schemes #1825
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Added support for multiple authentication schemes
To use the client credentials, index.html needs to have
1. input boxes to recieve client id and client secret
2. handlers that intitialse OAuth correctly on change.
For example, you could replace the explore and apikey inputs in the header with:
<div class='input'><input placeholder="client id" id="input_clientId" name="clientId" type="text" autocomplete="off"/></div>
<div class='input'><input placeholder="client secret" id="input_clientSecret" name="clientSecret" type="text" autocomplete="off"/></div>
and add the following javascrip to handle updates within the initialisation block (replacing the apikey javascript):
function updateOauth(){
initOAuth({
clientId: $('#input_clientId')[0].value,
clientSecret: $('#input_clientSecret')[0].value,
realm: "blank",
appName: "blank"
});
}
$('#input_clientId').change(updateOauth);
$('#input_clientSecret').change(updateOauth);
Added support for multiple authentication schemes
To use the client credentials, index.html needs to have
1. input boxes to receive client id and client secret
2. handlers that intitialise OAuth correctly on change.
For example, you could replace the explore and apikey inputs in the header with:
<div class='input'><input placeholder="client id" id="input_clientId" name="clientId" type="text" autocomplete="off"/></div>
<div class='input'><input placeholder="client secret" id="input_clientSecret" name="clientSecret" type="text" autocomplete="off"/></div>
and add the following javascript to handle updates within the initialisation block (replacing the apikey javascript):
function updateOauth(){
initOAuth({
clientId: $('#input_clientId')[0].value,
clientSecret: $('#input_clientSecret')[0].value,
realm: "blank",
appName: "blank"
});
}
$('#input_clientId').change(updateOauth);
$('#input_clientSecret').change(updateOauth);
These examples could be incorporated into the swagger index.html file if required (or a new example created)
Issues - displaying multiple schemes could be improved. Currently the UI is unaware that a particular scheme is required for a call so displays all scopes as options. Will require work on core swagger ui and templates to make scheme available to swagger-oauth.js
This was referenced Dec 18, 2015
|
Is there a working example index.html file of this? I've tried the above suggestion, but the call to the token url never fires.. The authorize interface comes up, but doesn't work since there's no authorize url. Tried 2.1.4 and current master. Thanks! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Added support for client credentials (application) flow
Added support for multiple authentication schemes
To use the client credentials, index.html needs to have
For example, you could replace the explore and apikey inputs in the header with:
and add the following javascript to handle updates within the initialisation block (replacing the apikey javascript):
These examples could be incorporated into the swagger index.html file if required (or a new example created)
Issues - displaying multiple schemes could be improved. Currently the UI is unaware that a particular scheme is required for a call so displays all scopes as options. Will require work on core swagger ui and templates to make scheme available to swagger-oauth.js