Reputation: 165
Why does the Swagger Specification not provide clientId for OAuth2 authentication?
I am developing an application that extracts Swagger specifications of other applications and extrapolates an UI for them, with all the needed functionalities to interact with the API.
Now I am facing a problem when trying to implement the OAuth2 authentication. With OAuth2 you always need a registered cientId to get the access token. The problem is that the swagger specification doesn't require providing a clientId in the OAuth2 security definitions.
This means that the clientId should be registered for my own application in any OAuth2 server that the users want to access, and get the data for my application, and not for my user's applications. Of course this is not the way my application should work, as it's supposed to maintain the user's application identity.
My questions are:
Should the clientId be added to the OAuth2 definition?
Is it possible to implement what I need without having to register my app for all the OAuth2 servers that my users want to access?
Maybe I am missing something, any help would be much appreciated!
Thank you
Upvotes: 0
Views: 439
Answers (1)
Reputation: 6824
I don't think ClientID would be part of the definition--it's typically part of the credentials that are provided to a specific implementation for connecting to a service. So each integration would be a different "client" and therefore a different ClientID
Upvotes: 2
Related Questions
- Why does Prettier not format code in VS Code?
- Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?
- Why does jQuery or a DOM method such as getElementById not find the element?
- Why does ++[[]][+[]]+[+[]] return the string "10"?
- Swagger ui is not getting loaded with Oauth2
- Github OAuth2 does not support Client Authentication?
- SSO with CAS or OAuth?
- Why do Spring Security OAuth2 DefaultTokenServices check clientId on loading the Authentication?