I am trying to get Swagger UI to successfully authorize to an oidc-provider instance.
I have set up a minimal (as possible) instance on glitch here: https://glitch.com/~copper-vise
What it does is:
- have swagger UI on /doc serving the definition from the swagger.yaml file
- run the oidc provider with minimal configuration and dev interactions.
The problem is that I don't seem to be able to get the two to work together. It seems like it could be a Swagger UI bug, but considering my lack of experience with oidc it might simply be a configuration issue.
To try, click the "Authorize" button on the swagger interface, use foo and bar for the client_id and client_secret, check at least the openid scope and click "Authorize". At this point you should get a login prompt. Enter anything you like and log in. At this point the swagger UI should have a token, but I never got it that far.
What I'm getting instead is an invalid_client error; it seems like the oidc-provider expects an authorization request header that the Swagger UI is not providing. The "implicit" flow does not seem to work at all either. As far as I can tell, these are the two flows that the oidc-provider supports (with this configuration?).
I'm stuck, not sure where to go from here. It seems like the right combination of the openapi securitySchemes configuration in the swagger.yaml file and the oidc-provider and client options should get this running.
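
The post suspects the provider wants an Authorization header that the UI does not send. As an added example (not from the post and not oidc-provider's or Swagger UI's code), the following shows the two standard client-secret methods at a token endpoint, `client_secret_basic` (RFC 6749 section 2.3.1) and `client_secret_post`, and how a request that uses a method other than the registered one ends in `invalid_client`. All function names are hypothetical; `token_endpoint_auth_method` is the OpenID Connect client registration field, and the `foo` / `bar` registration is constructed from the credentials mentioned above.

```javascript
// Client side: build a token request using one client authentication method.
function buildTokenRequest(method, id, secret, code) {
  const body = new URLSearchParams({ grant_type: 'authorization_code', code });
  const headers = { 'content-type': 'application/x-www-form-urlencoded' };
  const enc = (s) => new URLSearchParams({ v: s }).toString().slice(2);
  if (method === 'client_secret_basic') {
    // RFC 6749 2.3.1: form-encode id and secret, join with ":", then base64.
    const pair = Buffer.from(`${enc(id)}:${enc(secret)}`).toString('base64');
    headers.authorization = `Basic ${pair}`;
  } else if (method === 'client_secret_post') {
    body.set('client_id', id);
    body.set('client_secret', secret);
  }
  return { headers, body: body.toString() };
}
// Server side: which method did this request actually use?
function detectAuthMethod(req) {
  const viaHeader = /^Basic /i.test(req.headers.authorization || '');
  const viaBody = new URLSearchParams(req.body).has('client_secret');
  if (viaHeader && viaBody) return 'multiple'; // more than one method is not allowed
  return viaHeader ? 'client_secret_basic' : viaBody ? 'client_secret_post' : 'none';
}
// Compare secrets without exiting early at the first differing byte.
function safeEqual(a, b) {
  const x = Buffer.from(a), y = Buffer.from(b);
  let diff = x.length ^ y.length;
  for (let i = 0; i < x.length; i++) diff |= x[i] ^ y[i % (y.length || 1)];
  return diff === 0;
}
// Server side: reject when the method differs from the client's registration.
function authenticateClient(req, client) {
  const used = detectAuthMethod(req);
  if (used !== client.token_endpoint_auth_method) return { ok: false, error: 'invalid_client', used };
  let id, secret;
  if (used === 'client_secret_basic') {
    const raw = Buffer.from(req.headers.authorization.slice(6), 'base64').toString();
    const dec = (s) => new URLSearchParams(`v=${s}`).get('v');
    const i = raw.indexOf(':');
    [id, secret] = [dec(raw.slice(0, i)), dec(raw.slice(i + 1))];
  } else {
    const form = new URLSearchParams(req.body);
    [id, secret] = [form.get('client_id'), form.get('client_secret')];
  }
  const ok = id === client.client_id && safeEqual(secret || '', client.client_secret);
  return ok ? { ok: true, used } : { ok: false, error: 'invalid_client', used };
}
// Constructed registration: client_secret_basic is the OpenID Connect default method.
const registered = { client_id: 'foo', client_secret: 'bar', token_endpoint_auth_method: 'client_secret_basic' };
```

Comparing `detectAuthMethod` on a captured token request with the client's registered `token_endpoint_auth_method` shows whether the two sides agree on how the secret is presented.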