[
https://issues.apache.org/jira/browse/CXF-7137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15673577#comment-15673577
]
Sergey Beryozkin commented on CXF-7137:
---------------------------------------
OK, thanks.
So we have a confidential OAuth2 (web server) client.
Can you please address my earlier question. This client does not want to let
anyone else see this secret. This client will only use this secret to talk to
AccessTokenService. Letting the users to Try it Out via Swagger UI would be a
potential security issue. What am I missing ? cheers
> Allow OAuth2 customization via Swagger2Feature
> ----------------------------------------------
>
> Key: CXF-7137
> URL: https://issues.apache.org/jira/browse/CXF-7137
> Project: CXF
> Issue Type: Improvement
> Components: JAX-RS
> Affects Versions: 3.1.8
> Reporter: Alexander K.
>
> It seems that there is no way to customize initOAuth() details like clientId,
> clientSecret, realm, appName, etc. for SwaggerUI-OAuth integration. This will
> allow Swagger-UI authorization for protected CXF REST services by an
> authorization server such as Keycloak.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
