Swagger-ui: Support "x-tokenName" as in swagger-ui 2 for choosing another OAuth2.0 token field

Created on 9 Jan 2018  路  10Comments  路  Source: swagger-api/swagger-ui

| Q | A
| ------------------------------- | -------
| Bug or feature request? | Feature request
| Which Swagger/OpenAPI version? | OpenAPI 2.0
| Which Swagger-UI version? | Swagger 3.9.0
| How did you install Swagger-UI? | Official Docker image
| Which browser & version? | Latest Chrome
| Which operating system? | Win

Swagger-UI 2 supported reading a "x-tokenName" property from a "oauth2" entry in "securityDefinitions", see also PR #2587
That was used in order to select another JSON field (other to "access_token") in the token response from a OAuth2.0 server.

For example Google OAuth2.0 sends back a token in form:

{
 "access_token": "....",
 "token_type": "Bearer",
 "expires_in": 3599,
 "id_token": "...."
}

Swagger-UI 3.9.0 can only send the "access_token" to the backend for "try out".
In Swagger-UI 2 one could choose to use the "id_token" instead.

Demonstration API definition

securityDefinitions:
  Google:
    type: oauth2
    description: Use "OAuth2.0" with your Google-ID.
    authorizationUrl: https://accounts.google.com/o/oauth2/v2/auth
    tokenUrl: https://www.googleapis.com/oauth2/v4/token
    x-tokenName: id_token
    flow: accessCode
    scopes:
      openid: Access your Google-ID

Expected Behavior

The previously supported x-tokenName can be used in order to select another field from the token JSON as bearer token.

Current Behavior

The x-tokenName is ignored.

Possible Solution

Context

Trying to use the "id_token" instead of the "access_token" so that the backend does not need to retrieve the "id_token" again with the "access_token".

auth feature
Source
picture thjaeckle
👍9

Most helpful comment

x-tokenName is now also supported for OpenAPI 3.0 definitions in Swagger UI 3.25.0.

picture hkosova on 20 Jan 2020
🎉5

All 10 comments

Any workarounds?

RehanSaeed picture RehanSaeed on 23 Feb 2018

From what I can tell, this behavior is now controlled by the swagger-js library.

ngraef picture ngraef on 22 Mar 2018

@ngraef & @RehanSaeed Did you happen to apply the x-tokenName support? I backed some local nuget packages based on the proposed fix/PR from @ngraef But I haven't found a way to configure the tokenname from the serverside. Because of the strong typing, I cannot easily add a "x-tokenName" property to the OAuth2Scheme.

The only thing I want is Azure AD support using oauth.

saberone picture saberone on 28 May 2018

Fixed by https://github.com/swagger-api/swagger-js/pull/1278.

shockey picture shockey on 7 Sep 2018
🎉1

For information, the fix is not working for an openapi 3 swagger file.

richardsinelle picture richardsinelle on 17 Dec 2018

Reopening per @richardsinelle's note re: lack of OpenAPI 3.0 support.

shockey picture shockey on 15 Jan 2019

Can I help with this? Would like to see this added into 3 as well :)

mlapaglia picture mlapaglia on 16 Apr 2019

It is already working.
https://stackoverflow.com/questions/56982278/swagger-with-google-oauth-2-0-authorization

BartusZak picture BartusZak on 11 Jul 2019

@BartusZak x-tokenName is currently supported for OpenAPI 2.0 definitions only. This issue is kept open to also support x-tokenName for OpenAPI 3.0.

hkosova picture hkosova on 11 Jul 2019

x-tokenName is now also supported for OpenAPI 3.0 definitions in Swagger UI 3.25.0.

hkosova picture hkosova on 20 Jan 2020
🎉5
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ankon picture ankon  路  4Comments
deepumi picture deepumi  路  3Comments
SangeetaGulia picture SangeetaGulia  路  4Comments
insideshell picture insideshell  路  3Comments
fehguy picture fehguy  路  3Comments