
Configuring Swagger UI for OAuth 2.0 in Spring Boot with Kotlin


I am trying to configure OpenAPI 3 for OAuth 2.0 with a configuration class in Spring Boot with Kotlin.

Even though I set oauth2RedirectUrl in application.yml, when I click Authorize in Swagger UI to get a new token to send a request, the redirect URL doesn't work as expected and I get the default redirect URL, something like this (I believe it's a default redirectUrl): &redirect_uri=http://localhost:8080/oauth2-redirect.html instead of what I configured in application.yaml.

Access the Swagger-UI at http://localhost:8080/swagger-ui/index.html?queryConfigEnabled=true&url=/v3/api-docs

Then click the authorize button and use the preconfigured values.


The IdentityProviderController then prints the configured values, e.g. redirect_uri.

The redirect_uri looks like http://localhost:8080/swagger-ui/oauth2-redirect.html and the swagger-ui:oauth2RedirectUrl path is missing, even though it is configured in the application.yaml.

I added the following dependencies:

implementation("org.springdoc:springdoc-openapi-ui:1.6.14")
implementation("org.springdoc:springdoc-openapi-kotlin:1.6.14")
implementation("org.springdoc:springdoc-openapi-security:1.6.14")

and this is my application.yml

springdoc:
  api-docs:
    enabled: true
  swagger-ui:
    query-config-enabled: true
    oauth:
      client-id: <clientId>
      client-secret: <clientSecret>
      use-pkce-with-authorization-code-grant: true
    oauth2RedirectUrl: <redirectUrl>

and this here is my configuration class:

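import io.swagger.v3.oas.annotations.OpenAPIDefinition
import io.swagger.v3.oas.annotations.enums.SecuritySchemeType
import io.swagger.v3.oas.annotations.security.OAuthFlow
import io.swagger.v3.oas.annotations.security.OAuthFlows
import io.swagger.v3.oas.annotations.security.OAuthScope
import io.swagger.v3.oas.annotations.security.SecurityScheme
import io.swagger.v3.oas.models.Components
import io.swagger.v3.oas.models.OpenAPI
import io.swagger.v3.oas.models.info.Info
import org.springframework.context.annotation.Bean
import org.springframework.context.annotation.Configuration

@Configuration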
@OpenAPIDefinition
@SecurityScheme(
    name = "oauth2",
    type = SecuritySchemeType.OAUTH2,
    flows =
        OAuthFlows(
            authorizationCode =
                OAuthFlow(
                    authorizationUrl = "<authorizationUrl>",
                    tokenUrl = "<tokenUrl>",
                    scopes =
                        [
                            OAuthScope(name = "test1"),
                            OAuthScope(name = "test2"),
                            OAuthScope(name = "test3")],
                )))
open class OpenApiConfiguration {

  @Bean
  open fun customOpenAPI(): OpenAPI {
    return OpenAPI()
        .components(Components())
        .info(
            Info()
                .title("ABC Service Rest API")
                .description("description...")
                .version("1.0.0"))
  }
}

What am I missing here?

UPDATE: (17.02.2023)

After changing the redirect_uri in Chrome to the correct one, I can reach the identity provider's page, so I only need to find a way to set my redirectUrl configuration properly.


Solution

  • Adding the redirect URL to the whitelist of the identity provider solved the problem.
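
Added example, not part of the original answer or of springdoc: a small Python check that pulls redirect_uri out of the authorization request Swagger UI generates and compares it, by exact string match, with the redirect URIs registered at the identity provider. The authorize URL, client id and "before" allowlist are constructed placeholders, and exact matching is an assumption about how the provider validates the value.

```python
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample: an authorization request as Swagger UI would send it.
# idp.example and demo-client are placeholders, not values from the question.
SAMPLE_AUTHORIZE_URL = (
    "https://idp.example/authorize?response_type=code&client_id=demo-client"
    "&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fswagger-ui%2Foauth2-redirect.html"
    "&scope=test1"
)
SWAGGER_REDIRECT = "http://localhost:8080/swagger-ui/oauth2-redirect.html"


def requested_redirect_uri(authorize_url: str) -> Optional[str]:
    """Return the percent-decoded redirect_uri of an authorization request."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri")
    return values[0] if values else None


def differing_parts(sent: str, registered: str) -> List[str]:
    """Name the URI components in which the two redirect URIs differ."""
    s, r = urlsplit(sent), urlsplit(registered)
    parts = ("scheme", "netloc", "path", "query", "fragment")
    return [p for p in parts if getattr(s, p) != getattr(r, p)]


def check_redirect(authorize_url: str, registered: List[str]) -> Dict:
    """Compare the sent redirect_uri with the allowlist by exact string match."""
    sent = requested_redirect_uri(authorize_url)
    allowed = sent is not None and sent in registered
    diffs = {}
    if sent is not None and not allowed:
        # For each registered URI, show which component caused the mismatch.
        diffs = {uri: differing_parts(sent, uri) for uri in registered}
    return {"sent": sent, "allowed": allowed, "diffs": diffs}


if __name__ == "__main__":
    # Assumed allowlist before the fix: only a root-level callback is registered.
    before = ["http://localhost:8080/oauth2-redirect.html"]
    print(check_redirect(SAMPLE_AUTHORIZE_URL, before))
    # After registering the URI that Swagger UI actually sends.
    print(check_redirect(SAMPLE_AUTHORIZE_URL, before + [SWAGGER_REDIRECT]))
```

Paste the real authorize URL from the browser's address bar in place of the sample to see which component of the registered URI differs from what Swagger UI sends.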