Can Access Tokens be automatically sent from Open Api 3 for OAuth 2.0 authentication?

Question

I have an Spring Boot 3 app. I use Keycloak and Open Api 3. Open Api (swagger) works fine for get methods, but not for post. For POST methods I get a 403. I see that I can configure OpenApi so that I can send manually an access token, but I find it very ugly.

Is there really no way to make open api send a request with the credentials towards Keycloak, get the token from response and add it in the header when a request to an endpoint is made?

score 0 · Answer 1 · answered Jul 06 '23 at 14:26

I found the issue. In spring boot 3, http.csrf(Customizer.withDefaults()) actually means that csrf protection is enabled. As Keycloak uses an access token, we don't need csrf protection. So I just disabled it with http.csrf().disable(). Now everything works.

Can Access Tokens be automatically sent from Open Api 3 for OAuth 2.0 authentication?

1 Answers1