[ https://issues.apache.org/jira/browse/CXF-7137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15701766#comment-15701766 ]
Sergey Beryozkin commented on CXF-7137:
---------------------------------------

I've re-read your comments and checked some resources and I think I understand how the whole process works now, thanks. I've added a Map of SecuritySchemeDefinitions property to Swagger2Feature to make it easier to set these definitions.

But this issue is really about ensuring Swagger UI sends correct client_id/etc to the OAuth2 authorization service.

Swagger2Feature does not ship SwaggerUI. I believe you'd need to expand swagger UI like this:

https://github.com/apache/cxf/blob/master/distribution/src/main/release/samples/jax_rs/description_swagger/pom.xml#L63

but also ship a custom index.html where you will define clientId/etc variables for swagger-oauth.js to correctly identify them.

I've just checked swagger-ui-2.1.8-M1, initOAuth is commented out in index.html. So I think it is the only way right - ship the custom index.html.

IMHO the better option is for SwaggerUI (swagger-oauth.js) to auto-enable the text fields which will let the user enter client_id/etc if OAuth2 security scheme definition is available to avoid customizing index.html - please consider creating a pull request against Swagger UI.

I honestly do not see what else we can do at the CXF level apart from the update I did to make it easier to add the security definitions.

> Allow OAuth2 customization via Swagger2Feature
> ----------------------------------------------
>
>                 Key: CXF-7137
>                 URL: https://issues.apache.org/jira/browse/CXF-7137
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS
>    Affects Versions: 3.1.8
>            Reporter: Alexander K.
>            Assignee: Sergey Beryozkin
>
> It seems that there is no way to customize initOAuth() details like clientId,
> clientSecret, realm, appName, etc. for SwaggerUI-OAuth integration. This will
> allow Swagger-UI authorization for protected CXF REST services by an
> authorization server such as Keycloak.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)