Swagger OAUTH Proxy to avoid CORS issue #2796
Open
Greetings,
While integrating Swagger with my application, I encountered issue #5104 related to authentication in the Swagger UI. To address this, I implemented a workaround that enables the application to act as a proxy between the OAuth provider (Keycloak, in this case) and the Swagger UI.
This pull request generalizes my solution into a configuration option for the springdoc-openapi dependency, enabling easier adoption in similar use cases.
Summary of Changes
This pull request introduces the following configuration options for enabling and managing an OAuth proxy in Swagger UI. Here we have some example values:
How to Use
To enable this feature in your application, follow these steps:
1. Add the configuration shown in the Summary section in your application properties
In case your authentication provider adheres to OpenID Connect and you have defined the Spring Security OAuth2 client properties using issuer URI, then you could reference the token URI via the issuer URI:
springdoc.swagger-ui.oauth-proxy.oauth-token-uri=${spring.security.oauth2.client.provider.my-oauth-server.issuer-uri}/protocol/openid-connect/token
2. Add an OpenAPI Configuration Class
Create a configuration class with the following annotations and setup:
Mainly this is an example; the most important parts to take into account are inside the @SecurityScheme: and inside the @OAuthFlow referencing the proxy path:
3. Configure the Security Filter Chain
If the user has a SecurityConfig class, it might look like this:
To use this proxy the user needs to @Autowired the OauthProxy properties:
And add the proxy path to SecurityFilterChain to allow POST requests:
Additional notes
issue #1650
issue #2277
Please let me know if further details or changes are required. Sorry for the clumsiness, and thank you for considering this contribution! It is actually my first one.
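An added sketch of steps 2 and 3 above for Spring Security 6, not the pull request's own code: the `@OAuthFlow` token URL points at the application's proxy path, and the filter chain opens only POST on that one path. The proxy path value, the authorization URL, the scheme name, the class name and the choice of the authorization-code flow are assumptions made for illustration; in the PR the path comes from its own configuration properties.

```java
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType;
import io.swagger.v3.oas.annotations.security.OAuthFlow;
import io.swagger.v3.oas.annotations.security.OAuthFlows;
import io.swagger.v3.oas.annotations.security.SecurityScheme;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@SecurityScheme(
    name = "oauth2", // scheme name is an assumption
    type = SecuritySchemeType.OAUTH2,
    flows = @OAuthFlows(authorizationCode = @OAuthFlow(
        // Placeholder provider URL: the authorize step is a browser redirect, so no CORS applies.
        authorizationUrl = "https://idp.example.test/protocol/openid-connect/auth",
        // Same-origin proxy path: Swagger UI posts the token request to the application.
        tokenUrl = SwaggerOAuthProxyExample.PROXY_PATH)))
public class SwaggerOAuthProxyExample {

    // Hypothetical proxy path; the PR reads it from its own properties.
    static final String PROXY_PATH = "/swagger-oauth-proxy/token";

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(auth -> auth
                // Open exactly one method on exactly one path, not a wildcard.
                .requestMatchers(HttpMethod.POST, PROXY_PATH).permitAll()
                .requestMatchers("/swagger-ui/**", "/v3/api-docs/**").permitAll()
                .anyRequest().authenticated())
            // Assumption: CSRF protection is enabled elsewhere in the application.
            // Swagger UI sends no CSRF token, so exempt only the proxy path.
            .csrf(csrf -> csrf.ignoringRequestMatchers(PROXY_PATH))
            // Assumes spring.security.oauth2.resourceserver.jwt.issuer-uri is configured.
            .oauth2ResourceServer(rs -> rs.jwt(Customizer.withDefaults()));
        return http.build();
    }
}
```

Because the proxy path accepts unauthenticated POSTs, the handler behind it should forward only to the single configured token URI and never to a caller-supplied destination.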