Automatic token refresh for REST API with OpenID Connect authentication? #7257

Open
retrofreak83 opened this issue May 11, 2021 · 15 comments · May be fixed by #8053

@retrofreak83

retrofreak83 commented May 11, 2021

Q&A (please complete the following information)

  • OS: Linux Mint 20.1
  • Browser: Chromium
  • Version: 90.0.4430.93
  • Method of installation: by Springdoc 1.5.8
  • Swagger-UI version: 3.47.1
  • Swagger/OpenAPI version: OpenAPI 3.0

Content & configuration

I am developing an application having a REST API that is secured by Spring Security, using Keycloak to provide OpenID Connect functionalities.
The OpenAPI specification is generated using Springdoc. AFAIK, the correct way of getting SwaggerUI to authenticate against OpenID Connect is to use OpenID Connect Discovery.

Swagger/OpenAPI definition:

openapi: 3.0.1
info:
  title: NEW API
  description: This document specifies the API of NEW
  version: v0.1-SNAPSHOT
servers:
  - url: 'http://localhost:8080'
    description: Generated server url
security:
  - oidc: []
paths:
  /p/list:
    get:
      tags:
        - plugin-controller
      operationId: getAllOperations
      responses:
        '200':
          description: OK
          content:
            '*/*':
              schema:
                type: array
                items:
                  type: string
        '400':
          description: Bad Request
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'
        '401':
          description: Unauthorized
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'
        '403':
          description: Forbidden
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'
        '500':
          description: Internal Server Error
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'

components:
  schemas:
    JSONResponse:
      type: object
      properties:
        errorData:
          type: string
          description: the raw error data
        token:
          type: string
  securitySchemes:
    oidc:
      type: openIdConnect
      openIdConnectUrl: 'http://localhost:8888/auth/realms/new/.well-known/openid-configuration'

How can we help?

Authorization works well in principle, but the application needs to do a token refresh automatically and regularly.
Currently, I can send valid requests to the API until the validity of the token acquired during login has expired.
In the SwaggerUI documentation, I did not find how to configure such a thing like token refresh.
Is SwaggerUI able to perform an automatic token refresh or is there eventually a possibility that the user can trigger it manually?

@Eli-Black-Work

We're looking for this as well.

@major-mayer

Same problem here using Swagger UI with FastAPI.
I can specify a refresh_url in the oauth2_schema, but this doesn't work as expected:

oauth2_scheme = OAuth2AuthorizationCodeBearer(
    authorizationUrl=ConfigHandler.get_config()["oauth2"]["authorization_server"]["authorization_url"],  # The endpoint to get the authorization token
    tokenUrl=ConfigHandler.get_config()["oauth2"]["authorization_server"]["token_url"],    # The endpoint to get the actual access token
    refreshUrl=ConfigHandler.get_config()["oauth2"]["authorization_server"]["token_url"]
)

@Eli-Black-Work

We tried specifying refreshUrl, too, but weren't able to get it to work.

@labedzkim

Having this would help much in testing our APIs.

@tim-lai
Contributor

tim-lai commented Jun 10, 2021

afaik, Swagger UI does not currently have token refresh. Happy to accept contributions, especially in this subject of authorization/authentication. 😉

@tim-lai
Contributor

tim-lai commented Jun 10, 2021

Thinking about this more, one might be able to use requestInterceptors to define custom handling to an auth request.
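
The interceptor idea from the comment above, as an added example (not code from this thread or from Swagger UI): a function for Swagger UI's `requestInterceptor` option that renews the access token with the OAuth 2.0 `refresh_token` grant shortly before it expires, and attaches the bearer only to requests for the API origin. The `store` object, `tokenUrl`, `clientId` and `apiOrigin` are assumed names, and the client is assumed to be a public client with no secret in the browser.

```javascript
// Added example: refresh-before-send logic for Swagger UI's requestInterceptor.
// tokenUrl, clientId, apiOrigin and store are assumed names, not from the thread.

// Read exp (seconds since epoch) from a JWT. Used for scheduling only, not validation.
function jwtExp(token) {
  const payload = token.split('.')[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(atob(payload)).exp;
}

function makeRefreshingInterceptor({ tokenUrl, clientId, apiOrigin, store,
    fetchFn = fetch, now = () => Date.now() / 1000, skew = 30 }) {
  let inFlight = null; // one refresh shared by concurrent requests

  async function refresh() {
    const body = new URLSearchParams({
      grant_type: 'refresh_token',
      refresh_token: store.get().refresh_token,
      client_id: clientId,
    }).toString();
    const res = await fetchFn(tokenUrl, {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body,
    });
    if (!res.ok) throw new Error('token refresh failed: ' + res.status);
    const t = await res.json();
    // Keep the old refresh token if the server did not rotate it.
    store.set({ access_token: t.access_token,
                refresh_token: t.refresh_token || store.get().refresh_token });
  }

  return async function requestInterceptor(req) {
    // Spec fetches, the token endpoint and other origins pass through without a bearer.
    const origin = new URL(req.url, globalThis.location?.href).origin;
    if (origin !== apiOrigin || !store.get()) return req;
    // Refresh when the token expires within `skew` seconds.
    if (jwtExp(store.get().access_token) - now() < skew) {
      inFlight = inFlight || refresh().finally(() => { inFlight = null; });
      await inFlight;
    }
    req.headers = { ...req.headers, Authorization: 'Bearer ' + store.get().access_token };
    return req;
  };
}
```

A refresh token held in page JavaScript is readable by any script running on that page, so where the store keeps it matters as much as the refresh logic.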

@alexted

alexted commented May 4, 2022

Any progress on this problem? I also need this functionality.

ralucaDascalu linked a pull request Jun 6, 2022 that will close this issue

@rakum23

rakum23 commented Aug 24, 2022

Any progress on this? It will be a great help for developers.

@xianrui69

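// web (cookie helper) and swg_ui (Swagger UI instance) are defined elsewhere on the poster's page.
function authorize() {
  // Do nothing until the Authorize button is rendered and a token cookie exists.
  if ($('.btn.authorize').length < 1) return;
  if (!web.getCookie('accessToken')) return;
  let a = {
    CoreAPI: {
      name: 'CoreAPI',
      schema: swg_ui.authSelectors.definitionsToAuthorize().get(0).get('CoreAPI'),
      value: 'Bearer ' + web.getCookie('accessToken')
    }
  };
  // Register the cookie's token as the authorization for the CoreAPI scheme.
  swg_ui.authActions.authorize(a);
}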

@rozzilla

> Any progress on this? It will be a great help for developers.

+1

@amanuel-girma

I am also looking for this feature in swagger, is there any progress?

@ogurevich

+1

@AswiniKumarV

Is there any update on this feature? Do you know anything, @tim-lai?

@hjrb

hjrb commented Dec 4, 2023

I'm suffering with you

@sajankp

sajankp commented Jan 5, 2024

Wished the fastapi docs could do this
