1

Swagger passes access_code by default to headers. Is it possible to pass id_token?

I'm documenting my NodeJS REST API with swagger.yaml version 2.0


BartusZak
  • 1,041
  • 14
  • 21
  • Why would you want to pass an Id_token? And where would you want to pass it to? – Linda Lawton - DaImTo Jul 11 '19 at 07:56
  • 1
    I have all my endpoints authorization based on `Authorization: "Bearer id_token"`. – BartusZak Jul 11 '19 at 08:08
  • 2
    I have no idea why that would even work or why you would even do that. Id_tokens are not bearer tokens; access tokens are. You might want to read up on the difference between OpenID Connect and OAuth2. Sorry, I can't help you with your question as you're not using standard authorization and authentication practices. – Linda Lawton - DaImTo Jul 11 '19 at 08:13
  • Thanks for that. Just wanted to know if it is possible, because it would save me a lot of work. – BartusZak Jul 11 '19 at 09:41
  • 1
    Actually you need to request the token type "token id_token", which results in a token containing scopes for user info endpoints (in addition to the already requested scopes) - this is the thing I am looking for right now and I can't find a way to do it... – Ravior Jan 17 '20 at 08:30
  • @Ravior _"Actually you need to request the tokentype "token id_token" which results in a token containing scopes for user info endpoints"_ It depends on the identity provider and flow. This question is about [Google's OAuth 2.0 endpoint](https://developers.google.com/identity/protocols/OpenIDConnect) ( `https://accounts.google.com/o/oauth2/v2/auth`) which uses `response_type=code` aka authorization code flow. – Helen Jan 20 '20 at 15:26
  • @Ravior (cont.) Whereas `response_type=token id_token` is specific to OpenID Connect. OIDC is currently [not supported](https://github.com/swagger-api/swagger-ui/issues/3517) in Swagger UI, as I mentioned in [this answer](https://stackoverflow.com/a/59784134/113116) to your other question. – Helen Jan 20 '20 at 15:26

2 Answers

3

Yes, this is possible, even though it's not a good idea, as mentioned by @DalmTo.

You need to add x-tokenName: id_token to the Google OAuth security definition in your API definition.

swagger: '2.0'
...

securityDefinitions:
  google_oauth:
    type: oauth2
    description: Google OAuth
    flow: accessCode
    authorizationUrl: https://accounts.google.com/o/oauth2/v2/auth
    tokenUrl: https://www.googleapis.com/oauth2/v4/token
    x-tokenName: id_token   # <-------
    scopes:
      ...

Note: To use x-tokenName in OpenAPI 2.0 definitions you need Swagger UI 3.8.12+; to use it in OpenAPI 3.0 you need Swagger UI 3.25.0+.

Helen
  • 87,344
  • 17
  • 243
  • 314
  • Is there a possibility to set oAuth `redirectUrl`? – BartusZak Jul 15 '19 at 12:12
  • Redirect URL can be changed by using the [`oauth2RedirectUrl`](https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/configuration.md#user-content-oauth2redirecturl) parameter in the `SwaggerUIBundle({ ... })` constructor in your index.html. Make sure to actually host the [oauth2-redirect.html](https://github.com/swagger-api/swagger-ui/blob/master/dist/oauth2-redirect.html) page at this custom location, and also [register this redirect URL](https://stackoverflow.com/a/11485644/113116) in Google Cloud Console. – Helen Jan 20 '20 at 16:04
0

You can make Swagger or NSwag use a different token (id_token or access_token) by setting the x-tokenName in the security configuration, as follows:

// Requires the NSwag.AspNetCore package; types below live in the NSwag namespace.
// _domain holds the identity provider's base URL (e.g. the Cognito domain).
services.AddSwaggerDocument(config =>
{
    config.PostProcess = document =>
    {
        document.Info.Title = "API OpenBankWeb";
        document.Info.Description = "Uma simples Web API feita em ASP.NET Core consumindo AWS.\nClique nos títulos abaixo para expandir.";
    };
    config.AddSecurity("oauth2", new NSwag.OpenApiSecurityScheme
    {
        Type = OpenApiSecuritySchemeType.OAuth2,
        // Vendor extension read by Swagger UI: send id_token instead of access_token.
        ExtensionData = new Dictionary<string, object>
        {
            { "x-tokenName", "id_token" }
        },
        Flows = new OpenApiOAuthFlows
        {
            AuthorizationCode = new OpenApiOAuthFlow
            {
                AuthorizationUrl = _domain + "/oauth2/authorize",
                TokenUrl = _domain + "/oauth2/token"
            }
        }
    });
});

This can be very handy when using AWS Cognito, since it uses only the ID token for authentication.