Swagger - oauth2

Hi, is there any way at the present to supply an oauth2 bearer token within the request generated by the buit-in swagger plugin?
i’m aware about the feature request , I wonder if there’s a temporary workaround in order to use the swagger ui against api protected by an oauth2 bearer token: I’ll take care to generate the token, I simply have to include it within the swagger request.

There isn’t a way to include it in the Swagger UI, but if you authenticate via OAuth outside of Swagger you should be Authenticated when you go back to use the Swagger UI.

I’ve been able to include a previously-generated oauth2 bearer token following those steps against SS swagger plugin v52

I override following files

/swagger-ui

  • index.html
  • patch.js (empty - disabled)

within index.html I customized the addApiKeyAuthorization as following

  function addApiKeyAuthorization() {
    var key = $('#input_apiKey')[0].value;
    log("key: " + key);
    if(key && key.trim() != "") {
        log("added key " + key);
    	//window.authorizations.add("api_key", new ApiKeyAuthorization("api_key", key, "query"));
        swaggerUi.api.clientAuthorizations.add("key", new ApiKeyAuthorization("Authorization", 'Bearer ' + key, "header"));
    }
  }

within the text box between url and explore button, I pasted a valid bearer token before calling a given api

Of course UI can be improved, but I assume that’s the minimal effort to use current v52 swagger plugin against api protected by standard OAuth2 authorization.

Any plan to upgrade swagger plugin to swagger 2.0?

why current SS swagger default index.html has “initOAuth” call commented out?

There’s no current plan, Swagger 2.0 will effectively require a rewrite and Swagger 1.x has been painstaking to support to get it to its current state. It looks as though it will require less effort to build a new UI than trying to follow Swagger’s rolling breaking specs. A custom UI would also be able to provide a richer UX around ServiceStack’s Services and features so that will likely be the preferred option in future.

This initOAuth call? It’s never been uncommented, clearly it’s just sample code that doesn’t make sense with those hard-coded example values.

Yes, that’s the js function I pointed out.

Yes, sure make sense to have it commented out, sorry about that.

I’m straggling to use the current swagger 1.2 oauth2 support. Any suggestion about the required customization to the index.html in order to trigger the oauth2 ballet?

I added a custom button within the index.html page to call handleLogin and now shows the OAuth2 - Autorize modal. I noticed the lib/swagger-oauth.js contains all the plumbings to handle the ballet, but I didn’t get how to configure OAuth STS endpoint and desired flow: I assume I have to fill the authSchemes structure but how and where?

I’d be surprised if it could work given it doesn’t know anything about ServiceStack’s OAuth Providers, end points or Sessions cookies. Only way I see it working is to fake the OAuth callback at the selected /auth/{provider} endpoint, but no idea how to do that with Swagger’s OAuth support, which is why I’ve just suggested to authenticate outside of Swagger first to establish an authenticated session for subsequent Swagger requests.

Yes, you are right: nothing to do w/ SS, that’s just a swagger matter.

I’m trying to use swagger itself to execute the OAuth2 ballet from the swagger-ui.

Thanks for you SS auth tip, but I’m not planning to add SS authentication for the services/api: currently all my apis require a bearer token on each call