Oauth2 (authorization code flow) is ignoring server url
Describe the bug
In my app I declared 2 OAuth2 security schemes. The first one with authorizationCode flow and the second one with clientCredentials flow.
On my local environment everything is working fine. When I deployed the app, some things were broken.
For the client credentials flow, the issue has been fixed
Thanks to https://github.com/springdoc/springdoc-openapi/issues/118#issuecomment-615306836
For the authorization code flow, the issue is still present (only in https mode)
On the swagger-ui page, I click on the Authorize button, then I enter the valid client id (for authorization code flow) and I click on the “authorize” button. I’m redirected to the Keycloak screen where I can choose to enter username/password credentials or an identity provider (Google, Facebook, …). I choose Google (because it is well configured) and after entering my credentials I get the error:
Uncaught DOMException: Blocked a frame with origin "http://<base-url>" from accessing a cross-origin frame.
The error mentions the http protocol whereas I’m using https. Server url info seems to be ignored?
Note: in http mode everything is working fine
To Reproduce
Steps to reproduce the behavior:
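```java
import io.swagger.v3.oas.annotations.OpenAPIDefinition;
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.security.OAuthFlow;
import io.swagger.v3.oas.annotations.security.OAuthFlows;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
import io.swagger.v3.oas.annotations.servers.Server;

@OpenAPIDefinition(
    servers = {
        @Server(url = "/")
    }
)
@SecurityScheme(
    name = ApiConfig.SECURITY_SCHEME_BACK_OFFICE,
    type = SecuritySchemeType.OAUTH2,
    flows = @OAuthFlows(
        authorizationCode = @OAuthFlow(
            authorizationUrl = "${springdoc.oAuthFlow.authorizationUrl}",
            tokenUrl = "${springdoc.oAuthFlow.tokenUrl}"
        )
    )
)
// In the classes where I defined my endpoints, I added:
// @SecurityRequirement(name = ApiConfig.SECURITY_SCHEME_BACK_OFFICE)
```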
- On the swagger-ui page (https mode), click on the authorize button
- enter a valid client id, then click on authorize
- you will be redirected to the resource server you are using; I use the Google identity provider, so I enter my Google credentials
- you will be redirected to a blank screen (in the Chrome console you will get the error message Uncaught DOMException as described above)
- SB v2.2.6
- springdoc-openapi-ui: 1.4.2
Expected behavior
Authorization code flow authentication should work in both http and https mode. Server url info should not be ignored.
Screenshots
Server url is well configured
Finally, I succeeded in using the authorization code flow on my preprod environment. My UAT env may have some issues with security certificates. Everything is good on my side
Closing this issue, as not reproducible and examples above are working using different kinds of configurations.
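A diagnostic check for the error quoted in the report, as an added example that is not part of the issue thread or of springdoc: browsers treat `http` and `https` on the same host as different origins, so a callback page loaded from the `redirect_uri` can only reach the window that opened it when both share scheme, host and port. The function name and the sample URLs below are constructed for illustration.

```javascript
// Added example: names and sample URLs are constructed, not taken from the issue.
const SAMPLE_OPENER = 'https://api.example.test/swagger-ui/index.html';
const SAMPLE_AUTH_REQUEST =
  'https://sso.example.test/auth?response_type=code&client_id=demo-client' +
  '&redirect_uri=' +
  encodeURIComponent('http://api.example.test/swagger-ui/oauth2-redirect.html');

// Compare the redirect_uri of an authorization request with the page that
// opened the login window and list the origin components that differ.
// An origin is (scheme, host, port); any difference blocks window.opener access.
function checkRedirectOrigin(authorizationRequestUrl, openerPageUrl) {
  const rawRedirect = new URL(authorizationRequestUrl).searchParams.get('redirect_uri');
  if (!rawRedirect) {
    return { sameOrigin: false, differences: ['redirect_uri is missing'] };
  }
  let redirect;
  try {
    redirect = new URL(rawRedirect); // throws on relative or malformed values
  } catch (err) {
    return { sameOrigin: false, differences: ['redirect_uri is not an absolute URL'] };
  }
  const opener = new URL(openerPageUrl);
  const differences = [];
  // URL.port is '' for a scheme's default port, so ":443" on https compares equal.
  for (const [label, key] of [['scheme', 'protocol'], ['host', 'hostname'], ['port', 'port']]) {
    if (redirect[key] !== opener[key]) {
      differences.push(`${label}: redirect_uri has "${redirect[key]}", page has "${opener[key]}"`);
    }
  }
  return { sameOrigin: differences.length === 0, differences };
}

console.log(checkRedirectOrigin(SAMPLE_AUTH_REQUEST, SAMPLE_OPENER));
```

To use it on a real deployment, copy the authorization request URL from the browser's address bar on the identity provider's login page and pass it with the URL of the swagger-ui page.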