Getting Swagger UI oauth2 to work with oidc-provider
I am trying to get Swagger UI to successfully authorize to an oidc-provider instance.
I have set up a minimal (as possible) instance on glitch here: https://glitch.com/~copper-vise
What it does is:
The problem is that I don't seem to be able to get the two to work together. It seems like it could be a Swagger UI bug, but considering my lack of experience with oidc it might simply be a configuration issue.
To try, click the "Authorize" button on the swagger interface, use foo and bar for the client_id and client_secret, check at least the openid scope and click "Authorize". At this point you should get a login prompt. Enter anything you like and log in. At this point the swagger UI should have a token, but I never got it that far.
What I'm getting instead is an invalid_client error; it seems like the oidc-provider expects an authorization request header that the Swagger UI is not providing. The "implicit" flow does not seem to work at all either. As far as I can tell, these are the two flows that the oidc-provider supports (with this configuration?).
I'm stuck, not sure where to go from here. It seems like the right combination of the openapi securitySchemes configuration in the swagger.yaml file and the oidc-provider and client options should get this running.
It seems swagger is sending client_secret_post client authentication; the default on the IdP is client_secret_basic. If you change the client configuration on the IdP to match the scheme the client is actually using, it'll work.
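The mismatch the answer describes, as an added example that is not part of the original posts and is not oidc-provider's own code: a simplified model of how a token endpoint compares the registered token_endpoint_auth_method with the way the credentials actually arrive. The redirect URI, the request objects and all function names are constructed for illustration.

```javascript
// Client metadata in the shape oidc-provider accepts in its `clients` array.
// The redirect URI is a constructed placeholder.
const client = {
  client_id: 'foo',
  client_secret: 'bar',
  redirect_uris: ['https://example.invalid/oauth2-redirect.html'],
  // Without this line the registered method defaults to client_secret_basic.
  token_endpoint_auth_method: 'client_secret_post',
};

// Which authentication method did this token request actually use?
function detectAuthMethod(req) {
  const basic = /^Basic /i.test(req.headers.authorization || '');
  const post = Boolean(req.body.client_secret);
  if (basic && post) return 'multiple'; // RFC 6749 2.3: one method per request
  if (basic) return 'client_secret_basic';
  return post ? 'client_secret_post' : 'none';
}

// Comparison without early exit, so timing does not reveal how many leading
// characters of the secret matched.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}

function presentedCredentials(req, method) {
  if (method === 'client_secret_post') return [req.body.client_id, req.body.client_secret];
  const raw = Buffer.from(req.headers.authorization.slice(6), 'base64').toString('utf8');
  const i = raw.indexOf(':');
  if (i < 0) return [undefined, undefined];
  // RFC 6749 2.3.1: id and secret are form-urlencoded before base64 encoding.
  return [raw.slice(0, i), raw.slice(i + 1)].map((s) => decodeURIComponent(s.replace(/\+/g, ' ')));
}

function authenticateClient(registered, req) {
  const expected = registered.token_endpoint_auth_method || 'client_secret_basic';
  const used = detectAuthMethod(req);
  if (used !== expected) return { error: 'invalid_client', expected, used };
  const [id, secret] = presentedCredentials(req, used);
  const valid = id === registered.client_id && safeEqual(secret, registered.client_secret);
  return valid ? { ok: true, used } : { error: 'invalid_client', expected, used };
}

// Constructed token requests: credentials in the form body vs. in a Basic header.
const grant = { grant_type: 'authorization_code', code: 'constructed-code' };
const postRequest = { headers: {}, body: { ...grant, client_id: 'foo', client_secret: 'bar' } };
const basicRequest = { headers: { authorization: 'Basic ' + Buffer.from('foo:bar').toString('base64') }, body: grant };
```

With the default registration, `authenticateClient` rejects `postRequest` with invalid_client even though foo and bar are correct; registering client_secret_post makes the same request pass.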