Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Wrong oauth2-redirect.html path using OAuth2 Code flow

See original GitHub issue

Describe the bug

This sounds very like https://github.com/springdoc/springdoc-openapi/issues/340 . We are using openapi-ui version 1.2.30 and have an OAuth2 secured API (Authorization code flow).

When we use the authorize button in Swagger-UI after logging in we get redirected to something like http://localhost:8080/oauth2-redirect.html . Notice that the /swagger-ui part is missing in the path.

We use the generated Openapi Spec (/v3/api-docs). The content of /v3/api-docs/swagger-config is:

{ 
   "configUrl":"/v3/api-docs/swagger-config",
   "oauth2RedirectUrl":"http://localhost:8088/swagger-ui/oauth2-redirect.html",
   "url":"/v3/api-docs",
   "validatorUrl":""
}

The securityScheme config in the spec looks like this:

"securitySchemes":{ 
   "oauth2":{ 
      "type":"oauth2",
      "in":"header",
      "bearerFormat":"jwt",
      "flows":{ 
         "authorizationCode":{ 
            "authorizationUrl":"https://localhost:9002/authorizationserver/oauth/authorize",
            "tokenUrl":"http://localhost:8080/oauth/token"
         }
      }
   }
}

To Reproduce Steps to reproduce the behavior:

What version of spring-boot you are using? 2.2.4.RELEASE
What modules and versions of springdoc-openapi are you using? org.springdoc:springdoc-openapi-ui:1.2.30’

Expected behavior

I would expect to be redirected to http://localhost:8080/swagger-ui/oauth2-redirect.html after logging in at the OAuth2 provider.

Additional info

Can you point me in a direction where to debug to further investigate the issue? Or is my config simply wrong?

Issue Analytics

State:
Created 4 years ago
Comments:9 (3 by maintainers)

Top GitHub Comments

1reaction

bnasslahsencommented, Feb 5, 2020

Are you using any configuration properties ? Difficult to answer you without providing a sample project to reproduce (MCVE).

0reactions

spiranncommented, Jan 26, 2022

Hi @patst, did you find a solution ? , I’ve the same problem the oauth login box is loaded with the parameter &redirect_uri=http:%2F%2Flocalhost:5000%2Foauth2-redirect.html which result in a 404 on http://localhost:5000/oauth2-redirect.html?code=xxx

here is my swagger-config { "configUrl": "/v3/api-docs/swagger-config", "oauth2RedirectUrl": "http://localhost:5000/swagger-ui/oauth2-redirect.html", "url": "/v3/api-docs", "validatorUrl": "" }

Top Results From Across the Web

The Authorization Response - OAuth 2.0 Simplified

If the request is valid and the user grants the authorization request, the authorization server generates an authorization code and redirects the user...

Using OAuth 2.0 for Web Server Applications | Authorization

This document explains how web server applications use Google API Client Libraries or Google OAuth 2.0 endpoints to implement OAuth 2.0 ...

Google OAuth 2 authorization - Error: redirect_uri_mismatch

The redirect URI (where the response is returned to) has to be registered in the APIs console, and the error is indicating that...

Getting error while getting access token using OAuth 2.0 ...

... access token using OAuth 2.0 device code flow. I am trying to get access token via OAuth 2.0 device authorization grant flow...

OAuth2 Authorization Code Flow

After users grant your application access to their data, Constant Contact sends you an access token that you use to make V3 API...