0

Currently, we use a third-party program (Postman) to send authentication requests to the /oauth/token endpoint in order to create access tokens. Afterwards we paste the token into our swagger-ui page where we can request information.
I want to allow my users to generate an access token from our swagger-ui page. I have already exposed the /oauth/token endpoint by adding it to the docket's path

  @Bean
  public Docket api() {
    return new Docket(DocumentationType.SWAGGER_2)
        .groupName("version 2")
        .select()
        .apis(Predicates.not(RequestHandlerSelectors.basePackage("org.springframework.boot")))
        .paths(new Predicate<String>() {
          @Override
          public boolean apply(final String input) {
            return PathSelectors.regex("/oauth/token").apply(input)
          }
        })
        .build()
        .apiInfo(this.apiInfo("2"))
        .securitySchemes(Arrays.asList(this.authTok(), this.apiKey()))
        .securityContexts(Arrays.asList(this.securityContext))
        .useDefaultResponseMessages(false);
  }

The picture linked here is of the token-endpoint controller in our swagger-ui page.
https://i.stack.imgur.com/Iwyny.png
I am unsure how to use this, though. If I ignore the required queryparam, and click 'Execute' it just shows the loading buffer wheel. If I provide an input for either queryparam, and execute, a dialog box appears that asked for a username and password. The only input that it seems to accept is the username and password of Basic Auth (commonly 'trusted-client' and 'secret'). What are the expected values of the two query parameters? Is there a way to change the queryparameters for this endpoint?

EDIT:
To clarify, we are currently using Password Grant flow. when we make a request with Postman, we provide the user's username and password in an encoded form to the API and the Basic Auth as a header in the request

with curl (we use curl for our automated testing scripts) the request looks like this:

curl -X POST "http://domain/oauth/token" -H "Authorization: Basic xxxxxxxxxxxxx" -H "Content-type: application/x-www-form-urlencoded" --data-urlencode grant_type='password' --data-urlencode username='xxxxxxx' --data-urlencode password='xxxxxxxx'

however when we make requests to any other endpoint we require the bearer token in an Authorization header

curl -X GET "http://domain/pets" -H "accept: application/json" -H "Content-Type: application/json" -H "x-api-key: xxxxxxxxx" -H "Authorization: bearer xxxxxxxxxx"
Charles
  • 1
  • 1
  • I take it that you are using the password grant flow to get the token from the OAuth provider? – Turing85 Aug 26 '21 at 20:13
  • that is correct, I have since added information to the question description about that – Charles Aug 27 '21 at 15:36
  • See: [How to configure oAuth2 with password flow with Swagger ui in spring boot rest application](https://stackoverflow.com/questions/42054384/how-to-configure-oauth2-with-password-flow-with-swagger-ui-in-spring-boot-rest-a) – Turing85 Aug 27 '21 at 19:39

0 Answers0