Comments (2)
The reason is you don't decorate the swagger-ui view function with OIDC, and you can't, because swagger-ui is provided by a third-party package. What you should do is document the authorization of your APIs for Swagger. Swagger-ui has its own authorization implemented and it will obtain the access token from the IdP independently of Flask-pyoidc. You also have to register the redirect URI of Swagger in your IdP's client settings.
This is how to document authorization of your APIs for Swagger.
authorizations = {
    'oauth2': {
        'type': 'oauth2',
        'flow': 'accessCode',  # authorizationCode in OpenAPI 3.0
        # 'flow': 'application',  # clientCredentials in OpenAPI 3.0
        # 'flow': 'implicit',
        'authorizationUrl': 'https://idp.example.com/auth',
        'tokenUrl': 'https://idp.example.com/token',
        'clientId': 'client_id123',
        'scopes': {
            'openid': 'Get ID token',
        }
    }
}
Swagger sends the access token in the request header, so make sure your views are decorated with either @auth.token_auth or @auth.access_control. @auth.oidc_auth is only meant to be used for browser agents, not for REST API clients.

@zamzterz You can mark this issue as closed. v3.10 fixed this issue with Swagger.
from flask-pyoidc.
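As an added illustration of the point made in the comment above (this is example code, not code from the thread and not Flask-pyoidc's own implementation), the stand-in below shows what a token-protected API view has to do when Swagger UI calls it: take the access token from the Authorization header as RFC 6750 prescribes, check it against the IdP, enforce the required scopes, and never fall back to the browser login session cookie. The introspection table, token strings, scope names, handler names and the local `token_auth` decorator are constructed assumptions for the example; with Flask-pyoidc you would use its own `auth.token_auth`/`auth.access_control` decorators instead.

```python
"""Stand-in for a bearer-token-protected API view, as Swagger UI would call it.
Illustrative example only; it uses no Flask-pyoidc code (stdlib only)."""
import time
from functools import wraps

# flask-restx style security definition, with the closing quotes on both URLs
# (the version pasted in the thread was missing them).
SWAGGER_AUTHORIZATIONS = {
    "oauth2": {
        "type": "oauth2",
        "flow": "accessCode",  # authorizationCode in OpenAPI 3.0
        "authorizationUrl": "https://idp.example.com/auth",
        "tokenUrl": "https://idp.example.com/token",
        "clientId": "client_id123",
        "scopes": {"openid": "Get ID token", "api:read": "Read the API"},
    }
}

# Constructed stand-in for the IdP's answer to token introspection (RFC 7662).
# In production this is a call to the IdP or local JWT validation; the tokens
# and claims below are made up for the example.
_INTROSPECTION = {
    "tok-good": {"active": True, "exp": time.time() + 3600, "scope": "openid api:read"},
    "tok-noscope": {"active": True, "exp": time.time() + 3600, "scope": "openid"},
    "tok-expired": {"active": True, "exp": time.time() - 1, "scope": "openid api:read"},
    "tok-revoked": {"active": False},
}


def introspect(token):
    """Assumed introspection lookup; unknown tokens are reported inactive."""
    return _INTROSPECTION.get(token, {"active": False})


def extract_bearer_token(headers):
    """Return the bearer token from an Authorization header, or None.
    The scheme match is case-insensitive (RFC 6750); any other shape
    (Basic, empty value, extra fields) is rejected rather than guessed."""
    value = headers.get("Authorization")
    if not value:
        return None
    parts = value.split()
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    return parts[1]


def token_auth(scopes_required=()):
    """Decorator for API views (hypothetical; plays the role that
    Flask-pyoidc's token_auth/access_control play). The decision is made
    from the bearer token alone: a session cookie from a browser login is
    ignored, which is why Swagger UI calls still work without one."""
    def decorator(view):
        @wraps(view)
        def wrapper(request):
            token = extract_bearer_token(request["headers"])
            if token is None:
                return 401, {"error": "missing or malformed bearer token"}
            info = introspect(token)
            if not info.get("active") or info.get("exp", 0) <= time.time():
                return 401, {"error": "token inactive or expired"}
            granted = set(info.get("scope", "").split())
            missing = set(scopes_required) - granted
            if missing:
                return 403, {"error": "insufficient scope", "missing": sorted(missing)}
            return view(request, token_info=info)
        return wrapper
    return decorator


@token_auth(scopes_required=["api:read"])
def get_items(request, token_info):
    """Example API view; only reachable with an active token carrying api:read."""
    return 200, {"items": ["a", "b"], "scope": token_info["scope"]}


def call(headers):
    """Simulate one request as Swagger UI sends it: just a dict of headers."""
    return get_items({"headers": headers})


if __name__ == "__main__":
    print(call({"Authorization": "Bearer tok-good"}))      # 200
    print(call({"Cookie": "session=abc"}))                # 401: a login cookie alone is not enough
    print(call({"Authorization": "Bearer tok-noscope"}))  # 403
```

The cookie-only request failing with 401 is the behaviour the thread is about: a browser session established through @auth.oidc_auth carries no bearer token, and a Swagger UI request carries no usable session, so the API view must decide on the Authorization header.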
I haven't tested this with a SwaggerUI-implementation, so I don't fully understand why it works by loading it in a different tab? Is there some minimal example you could provide to reproduce?
In general though, if no cookies are passed with the request it will unfortunately fail. The session cookie is associated with necessary internal Flask-pyoidc state.
Related Issues (20)
- Provide option for discovery URI
- How to configure redirect URI in multi-domain setup?
- Extra args for token request
- Continue Maintaining This Extension
- Sdist request
- Verify IDToken fails "Issued in the future"
- Please upgrade oic to 1.5.0
- Edited: If for some reason your OP uses cookies, cookies from the first authentication may break subsequent auth attempts in server-side calls to /token or /userinfo. Therefore, set a rule to block all cookies in a requests.Session object and pass that into your ProviderConfiguration declaration
- Expired JWT tokens in session
- Example does not demonstrate the usage of OIDC_REDIRECT_URI?
- Token is valid but required audience is missing
- BaseSettings has been moved to the pydantic-settings
- Duplicate call to handle_provider_config causing duplicate keys being loaded in keyjar
- Provide a way to check for access token, but not require it
- Flow error - Grant-Type defaulting to Authorization Token instead of implicit when response_type set as id_token
- Keycloak connection being dropped
- Pass the configuration options in `init_app`
- Invalid authorization headers raise an exception
- Detailed error statuses
- Problem: Incorrect redirect URL after successful login