swagger UI for Spring Boot API : How to add “audience” in request body for authorising “client credentials” flow #60

Open
ShradhaFielddata opened this issue Apr 24, 2019 · 0 comments

I have generated Swagger UI documentation from my Spring Boot API; the API is secured using the OAuth2 client credentials grant from Auth0.

The problem is that:
In the Swagger configuration, I am unable to set the "audience" request body parameter during authorisation.
Thus, Swagger UI is not authenticating the API.

I am following this documentation:
https://www.baeldung.com/swagger-2-documentation-for-spring-rest-api

pom.xml:

	<dependency>
	    <groupId>io.springfox</groupId>
	    <artifactId>springfox-swagger-ui</artifactId>
	    <version>2.9.2</version>  
	</dependency>
	
	<dependency>
	    <groupId>io.springfox</groupId>
	    <artifactId>springfox-swagger2</artifactId>
	    <version>2.9.2</version> 
	</dependency>

SwaggerConfig.java:

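	import java.util.Arrays;
	import java.util.Collections;

	import org.springframework.context.annotation.Bean;
	import org.springframework.context.annotation.Configuration;
	import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;

	import springfox.documentation.builders.OAuthBuilder;
	import springfox.documentation.builders.PathSelectors;
	import springfox.documentation.builders.RequestHandlerSelectors;
	import springfox.documentation.service.ApiInfo;
	import springfox.documentation.service.ClientCredentialsGrant;
	import springfox.documentation.service.Contact;
	import springfox.documentation.service.GrantType;
	import springfox.documentation.service.SecurityScheme;
	import springfox.documentation.spi.DocumentationType;
	import springfox.documentation.spi.service.contexts.SecurityContext;
	import springfox.documentation.spring.web.plugins.Docket;
	import springfox.documentation.swagger.web.SecurityConfiguration;
	import springfox.documentation.swagger.web.SecurityConfigurationBuilder;
	import springfox.documentation.swagger2.annotations.EnableSwagger2;

	@Configuration
	@EnableSwagger2
	public class SwaggerConfig {

	    // Auth0 token endpoint (redacted in the original post)
	    String token_endpoint = "xxxx";

	    // Documents every controller in the base package and attaches the OAuth scheme
	    @Bean
	    public Docket api() {
	        return new Docket(DocumentationType.SWAGGER_2)
	          .select()
	          .apis(RequestHandlerSelectors.basePackage("xxxx.controller"))
	          .paths(PathSelectors.any())
	          .build()
	          .apiInfo(apiInfo())
	          .useDefaultResponseMessages(false)
	          .securitySchemes(Arrays.asList(securityScheme()))
	          .securityContexts(Arrays.asList(securityContext()));
	    }

	    private ApiInfo apiInfo() {
	        return new ApiInfo(
	          "xxxx API",
	          "Some description of API.",
	          "xxxx",
	          "Terms of service",
	          new Contact("xx", "xxxx", "xxxx"),
	          "License of API", "xxxx", Collections.emptyList());
	    }

	    // Takes effect only if this class is registered as a WebMvcConfigurer
	    public void addResourceHandlers(ResourceHandlerRegistry registry) {
	        registry.addResourceHandler("swagger-ui.html")
	          .addResourceLocations("classpath:/META-INF/resources/");

	        registry.addResourceHandler("/webjars/**")
	          .addResourceLocations("classpath:/META-INF/resources/webjars/");
	    }

	    // Values pre-filled in the Swagger UI "Authorize" dialog
	    @Bean
	    public SecurityConfiguration security() {
	        return SecurityConfigurationBuilder.builder()
	            .appName("xxxx")
	            .clientId("")
	            .clientSecret("")
	            .build();
	    }

	    // Client credentials grant: only the token endpoint is configured here,
	    // so there is nowhere to supply the "audience" parameter
	    private SecurityScheme securityScheme() {
	        GrantType grantType = new ClientCredentialsGrant(token_endpoint);
	        SecurityScheme oauth = new OAuthBuilder().name("spring_oauth")
	            .grantTypes(Arrays.asList(grantType))
	            .build();
	        return oauth;
	    }

	    // Applies to every path; no securityReferences are configured
	    private SecurityContext securityContext() {
	        return SecurityContext.builder()
	          .forPaths(PathSelectors.any())
	          .build();
	    }
	}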

The response is 403 Forbidden, and this is because I am not able to provide "audience" in the request body during authorization:

"error_description": "Non-global clients are not allowed access to APIv1"
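
One possible workaround, as an added example that is not part of the original issue or of the project's code: point `token_endpoint` at a small relay in the same Spring Boot application that adds `audience` to the client credentials request before forwarding it to Auth0. The class name, the `/swagger/oauth/token` path, the `dev` profile and the two property names are assumptions made for illustration.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Profile;
import org.springframework.http.*;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.RestTemplate;

@RestController
@Profile("dev") // assumption: enabled only where Swagger UI is exposed for testing
public class SwaggerTokenProxy {

    // Hypothetical property names: the Auth0 token URL and the API identifier
    @Value("${swagger.auth0.token-endpoint}")
    private String tokenEndpoint;
    @Value("${swagger.auth0.audience}")
    private String audience;

    private final RestTemplate rest = new RestTemplate();

    @PostMapping(path = "/swagger/oauth/token",
                 consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
    public ResponseEntity<String> token(
            @RequestParam MultiValueMap<String, String> form,
            @RequestHeader(value = HttpHeaders.AUTHORIZATION, required = false) String authorization) {
        // Relay only the one grant type the documentation UI needs
        if (!"client_credentials".equals(form.getFirst("grant_type"))) {
            return ResponseEntity.badRequest().body("{\"error\":\"unsupported_grant_type\"}");
        }
        MultiValueMap<String, String> out = new LinkedMultiValueMap<>();
        out.add("grant_type", "client_credentials");
        out.add("audience", audience); // fixed server-side, never taken from the caller
        for (String key : new String[] {"client_id", "client_secret"}) {
            if (form.getFirst(key) != null) out.add(key, form.getFirst(key));
        }
        HttpHeaders headers = new HttpHeaders();
        headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        // Pass client credentials through unchanged if the UI sent them as a header
        if (authorization != null) headers.set(HttpHeaders.AUTHORIZATION, authorization);
        try {
            ResponseEntity<String> upstream =
                rest.postForEntity(tokenEndpoint, new HttpEntity<>(out, headers), String.class);
            return ResponseEntity.status(upstream.getStatusCode()).body(upstream.getBody());
        } catch (HttpStatusCodeException e) {
            // Return the upstream error body so Swagger UI shows the real cause
            return ResponseEntity.status(e.getStatusCode()).body(e.getResponseBodyAsString());
        }
    }
}
```

Because the relay handles client secrets, keep it off production profiles and behind the same network restrictions as the Swagger UI itself.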
