Reputation: 1597
springdoc / Swagger UI not passing OAuth2 token to API
I am using springdoc (v1.5.9) to generate Swagger definitions for an API. After authenticating inside the Swagger UI and executing a secured method, the http request received by the Spring Boot app has no Authentication header. I have confirmed via JS debugger that the Swagger UI received and stored a valid authentication token.
Below are the HTTP request, the Swagger api-docs showing the security scheme defined / applied to the method, the springdoc configuration and a controller.
How do I need to change / add to my Spring configuration to get the Authorization passed to the API from the Swagger UI?
HTTP request received
Request received for GET '/foo/1234':
org.apache.catalina.connector.RequestFacade@71c70030
servletPath:/foo/1234
pathInfo:null
headers:
host: localhost:8070
connection: keep-alive
sec-ch-ua: "Chromium";v="92", " Not A;Brand";v="99", "Google Chrome";v="92"
accept: application/json
sec-ch-ua-mobile: ?0
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36
sec-fetch-site: same-origin
sec-fetch-mode: cors
sec-fetch-dest: empty
referer: http://localhost:8070/swagger-ui/index.html?configUrl=/v3/api-docs/swagger-config
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cookie: JSESSIONID=A0F9846102153C06D77D6ED5506CC227
Security filter chain: [
WebAsyncManagerIntegrationFilter
SecurityContextPersistenceFilter
HeaderWriterFilter
CsrfFilter
LogoutFilter
BearerTokenAuthenticationFilter
RequestCacheAwareFilter
SecurityContextHolderAwareRequestFilter
AnonymousAuthenticationFilter
SessionManagementFilter
ExceptionTranslationFilter
FilterSecurityInterceptor
]
api-docs
{
"openapi": "3.0.1",
"info": {
"title": "My App",
"version": "v1"
},
"servers": [
{
"url": "http://localhost:8070",
"description": "Generated server url"
}
],
"paths": {
"/foo/{id}": {
"get": {
"tags": [
"foo"
],
"parameters": [
{
"name": "id",
"in": "path",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
},
"security": [
{
"custom": [
]
}
]
}
},
"securitySchemes": {
"access_token": {
"type": "oauth2",
"in": "header",
"scheme": "custom",
"flows": {
"authorizationCode": {
"authorizationUrl": "https://login.myauthsever.com/v2/oauth/authorize",
"tokenUrl": "https://login.myauthsever.com/v2/oauth/token",
"scopes": {
}
}
}
}
}
}
}
OpenAPI config
@OpenAPIDefinition(info = @Info(title = "My App", version = "v1"))
@SecurityScheme(scheme = "custom", type = SecuritySchemeType.OAUTH2, in = SecuritySchemeIn.HEADER, name = "access_token",
flows = @OAuthFlows(authorizationCode = @OAuthFlow(
authorizationUrl = "https://login.myauthsever.com/v2/oauth/authorize",
tokenUrl = "https://login.myauthsever.com/v2/oauth/token", scopes = {})))
public class OpenApiConfig {
}
Controller
@RestController
@Tag(name = "foo")
@SecurityRequirement(name = "custom")
public class SystemSigController {
@GetMapping(path = "/foo/{id}")
String getFoo(@PathVariable String id) {
...
}
}
Upvotes: 0
Views: 3487
Answers (1)
Reputation: 97991
The @SecurityRequirement.name value must be the same as @SecurityScheme.name.
Since you have @SecurityScheme(..., name = "access_token"...), the controller must use:
@SecurityRequirement(name = "access_token")
Upvotes: 2
Related Questions
- Spring springdoc-openapi : swagger-ui/index.html cannot be found status=404
- 404 error on Swagger UI with Spring (springdoc-openapi configuration)
- Springdoc Swagger UI not using swagger-config
- springdoc-openapi-ui add JWT header parameter to generated swagger
- springdoc Swagger UI not POSTing JSON
- Enable /oauth/token endpoint springdoc-openapi-ui
- How to integrate Swagger with SpringDoc YAML?
- Swagger ui is not getting loaded with Oauth2
- How to enable swagger to accept oauth2 tokens?
- Document Spring OAuth 2.0 APIs using Swagger