Search code examples
springkotlinswaggerswagger-uispringfox

Multiple Springfox SecurityConfigurations for different oauth clients

Is it possible to configure multiple SecurityConfigurations?

With SecurityConfigurations its possible to set the Client-ID and Secret for OAuth client:

@Bean
fun swaggerSecurityConfiguration() =
        SecurityConfigurationBuilder.builder()
                .clientId(CLIENT_ID)
                .realm(REALM)
                .appName(APP_A)
                .additionalQueryStringParams(mapOf("nonce" to UUID.randomUUID().toString()))
                .build()

For a single client it works like charm:

working example

Question: How to configure springfox in case you have multiple oauth2 client Id?

@Bean
fun api(): Docket {
    return Docket(DocumentationType.SWAGGER_2)
            // ...
            .securitySchemes(listOf(appA_AuthSecuritySchema(), appB_AuthSecuritySchema()))
            .securityContexts(listOf(appA_AuthSecurityContext(),appB_OAuthSecurityContext()))
}

I couldn't find any way to relate the securitySchemas to different SecurityConfigurations.

Solution

  • Have you considered splitting your API into multiple dockets with each getting its open security setup?

    Some additional information here: Configure security schemas and contexts in Springfox and Spring MVC

    By the way, just an FYI, but Springfox is dead. I resisted moving off of it for a while, hoping the guy would come around because it seemed like a big task to migrate to SpringDoc. The migration wasn't too bad actually and I was using a lot of Springfox annotation functionality. Springfox has got lots of issues and no support. Almost 700 open issues. Plus you'll be stuck in the Swagger2 realm forever with Springfox when everything has moved on to Open API.