Broken security definition reference from security requirement for OAuth2 #219

Closed
Kieun opened this issue Jan 4, 2023 · 1 comment · Fixed by #220

Kieun commented Jan 4, 2023

When generating an OpenAPI v2 or OpenAPI v3 spec with OAuth2-protected APIs, the generated spec does not correctly refer to the security definition from the security requirement in each path definition.

As a result, Swagger UI does not properly set the given OAuth2 credential when calling OAuth2-protected APIs.
While digging into the issue, I found that the security definition reference from the security requirement is broken.

In the current implementation, in the case of OAuth2-protected APIs, the security definition name is hard-coded as oauth2.
So, for Swagger UI to populate the given credential when calling OAuth2-protected APIs, the reference to that definition should use oauth2.
But when creating OAS2 and OAS3 documentation, the current implementation composes the reference name from oauth2 followed by the postfix _$flow, which stands for one of the OAuth flows (implicit, clientCredentials, access_code, etc.), and adds the composed name to the security requirement field.

For example, if the OAuth2 security definition supports the OAuth2 clientCredentials and implicit flows, then the reference names oauth2_clientCredentials and oauth_implicit are created, which do not refer to anything in the security definition.

To fix this problem:

  • Do not add any postfix to the reference name for oauth2 authentication
  • Do not create multiple security requirements if multiple OAuth2 flows are supported
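
A check for the mismatch described in the issue above, as an added example that is not part of the original issue or of the project's code: it lists every security requirement name in a generated OAS2 or OAS3 document that matches no declared security scheme. The `/orders` path, the `read` scope and the `auth.example.test` URLs are constructed sample values.

```python
"""Find security requirements that reference no declared security scheme."""

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def declared_schemes(spec):
    """Names declared in OAS2 securityDefinitions or OAS3 components.securitySchemes."""
    oas2 = spec.get("securityDefinitions") or {}
    oas3 = (spec.get("components") or {}).get("securitySchemes") or {}
    return set(oas2) | set(oas3)


def dangling_security_refs(spec):
    """Return sorted (location, name) pairs whose name matches no declared scheme."""
    declared = declared_schemes(spec)
    found = []

    def check(location, requirements):
        # Each requirement object maps a scheme name to its required scopes.
        for requirement in requirements or []:
            for name in requirement:
                if name not in declared:
                    found.append((location, name))

    check("(root)", spec.get("security"))
    for path, item in (spec.get("paths") or {}).items():
        for method, operation in item.items():
            if method in HTTP_METHODS and isinstance(operation, dict):
                check(f"{method.upper()} {path}", operation.get("security"))
    return sorted(found)


def sample_spec(requirement_names):
    """Constructed OAS3 fragment: one scheme named oauth2 with two flows."""
    flows = {
        "clientCredentials": {"tokenUrl": "https://auth.example.test/token",
                              "scopes": {"read": "read access"}},
        "implicit": {"authorizationUrl": "https://auth.example.test/authorize",
                     "scopes": {"read": "read access"}},
    }
    security = [{name: ["read"]} for name in requirement_names]
    return {
        "openapi": "3.0.1",
        "components": {"securitySchemes": {"oauth2": {"type": "oauth2", "flows": flows}}},
        "paths": {"/orders": {"get": {"security": security, "responses": {}}}},
    }


BROKEN = sample_spec(["oauth2_clientCredentials", "oauth2_implicit"])  # oauth2 + _$flow
FIXED = sample_spec(["oauth2"])  # one requirement, no postfix
```

Running `dangling_security_refs` over generated specs in CI catches this class of mismatch before a document ships with an authorization requirement that no client tooling can resolve.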

Kieun commented Jan 4, 2023

@ooz This issue and #217 block our project. Could you check the PRs which fix these issues and release the new version?

wodrobina pushed a commit that referenced this issue Mar 4, 2024
* Update version number in README

* fix: better management of numbers in OpenApi3Generator (#202)

Co-authored-by: Jordan GAZEAU <jordan.gazeau@soprabanking.com>

* Add project status notice (#209)

* Add project status notice

* Add link to maintenance issue

* Upgrade gradlew to 7.4.2 (#214)

* Fix extracting standard scope claim in OAuth2 JWT (#218)

fixes #217
This fix does not break the current implementation of treating the scope claim as List<String>

* Fix broken security definition reference from security requirement for OAuth2 (#220)

Fixes #219

* Make classes in restdocs-api-spec modules visible (#223)

Fixes #222

* Polish README.md (#227)

(cherry picked from commit 213f9e4)

* docs: update FieldDescriptors example (#232)

* docs: update FieldDescriptors example

* docs: add new symbol for java

(cherry picked from commit 26cd0dd)

* feat: add support for contact object (#208)

* feat: add support for contact object

Closes #88

* docs: add documentation on how to define contacts

(cherry picked from commit 2842c43)

* Tabs to spaces

(cherry picked from commit 2f5d1e2)

* Drop usage of TravisCI (#236)

GH-235

(cherry picked from commit 0b5d511)

* Add GitHub Actions and Sonar support (#237)

GH-235

(cherry picked from commit ac1600f)

* Increase MaxMetaspaceSize

(cherry picked from commit 1688a77)

* ci: fix publish script name

(cherry picked from commit 47f2173)

* ci: ignore samples for code coverage report (#239)

(cherry picked from commit 4893605)

* docs: update readme [skip ci] (#238)

GH-235

(cherry picked from commit de0c1ab)

* feat: apply field optional (#244)

* feat: apply field optional

* fix lint

(cherry picked from commit 4c735ca)

* Feat : apply optional is nullable (#245)

* feat: apply optional is nullable

* chore: refactoring

* chore: remove needless

* fix deprecated

* fix for test

(cherry picked from commit 2900374)

* Feat : Schema reuse through subschema (#246)

* feat : Input a name for the subschema

* feat : Input a name for the subschema

* feat : Make sub schema

* fix: lint

* fix: requested & Suggested

(cherry picked from commit 437d7da)

* Fix to get regexp properly from the pattern constraint (#247)

(cherry picked from commit c631886)

* Keep supporting 0.16.x train to support Spring Boot 2.7.x and cherry-pick the latest features and fixes.

---------

Co-authored-by: Oliver Zscheyge <o.zscheyge@epages.com>
Co-authored-by: Jojo <45284640+jgazeau@users.noreply.github.com>
Co-authored-by: Jordan GAZEAU <jordan.gazeau@soprabanking.com>
Co-authored-by: Jan Mewes <jan.mewes@ks-plus.org>
Co-authored-by: Oliver <ozscheyge@users.noreply.github.com>
Co-authored-by: Johnny Lim <izeye@naver.com>
Co-authored-by: Taeyang Jin (Heli) <sun@dataportal.kr>
Co-authored-by: Marcos Paulo Belasco de Almeida <me@marcosalmeida.dev>
Co-authored-by: Jan Mewes <jan.mewes@epages.com>
Co-authored-by: Xeroman.K <81915068+xeromank@users.noreply.github.com>