I have Swagger 2 configs set up to connect to our OAuth2 accesstoken URL.
It is able to connect to the URL without issue when connected using the Apigee URL, but when I go to execute the POST request, I get an Invalid access token error. (See stack-trace below)
I've verified the URL, client id & secret using curl, and that works. And I've verified that when I use the provided token -H "Authorization: Bearer ********token*********" in my curl POST command, that works correctly.
However, it doesn't appear that I've properly configured Swagger to create the "Bearer" header, as it doesn't show up in the curl command displayed in Swagger.
After Authorizing through Swagger:
Manual Curl Command to generate token:
curl -k -v -X POST -u *****************:*************** -d "grant_type=client_credentials" https://***********************/oauth/accesstoken
accesstoken response body:
{
  "refresh_token_expires_in" : "0",
  "api_product_list" : "[********, ********]",
  "api_product_list_json" : [ "********", "********" ],
  "organization_name" : "********",
  "developer.email" : "********",
  "token_type" : "BearerToken",
  "issued_at" : "********",
  "client_id" : "************************",
  "access_token" : "************************",
  "application_name" : "********-****-****-****-********",
  "scope" : "",
  "expires_in" : "1799",
  "refresh_count" : "0",
  "status" : "approved"
}
Successful Manual Curl command to access endpoint:
curl -k -v -X POST "https://*********************/start" -H "accept: application/json" -H "Content-Type: application/json" -H "Authorization: Bearer *****************" -d "{}"
Failing Curl Command generated by swagger:
curl -X POST "https://*********************/start" -H "accept: application/json" -H "Content-Type: application/json" -d "{}"
Swagger Error Message:
{
  "fault": {
    "faultstring": "Invalid access token",
    "detail": {
      "errorcode": "oauth.v2.InvalidAccessToken"
    }
  }
}
POM.xml:
<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger2</artifactId>
    <version>2.9.2</version>
</dependency>
<dependency>
    <groupId>io.springfox</groupId>
    <artifactId>springfox-swagger-ui</artifactId>
    <version>2.9.2</version>
</dependency>
Swagger Configs:
@Configuration
@EnableSwagger2
public class SwaggerConfig {

    @Value("${swagger.host:}")
    private String swaggerHost;

    @Value("${swagger.basePath:}")
    private String swaggerBasePath;

    @Value("${swagger.oauth2.security.schema:oauth2}")
    private String securitySchemaOAuth2;

    @Value("${swagger.oauth2.token.request.url:}")
    private String oauthTokenRequestURL;

    @Autowired
    ServletContext servletContext;

    @Bean
    public Docket api() {
        return new Docket(DocumentationType.SWAGGER_2)
                .host(swaggerHost)
                .pathProvider(new RelativePathProvider(servletContext) {
                    @Override
                    public String getApplicationBasePath() {
                        return swaggerBasePath;
                    }
                })
                .select()
                .apis(RequestHandlerSelectors.withClassAnnotation(Api.class))
                .paths(PathSelectors.any())
                .build()
                .apiInfo(apiInfo())
                .securitySchemes(Collections.singletonList(oauth()))
                .securityContexts(Collections.singletonList(securityContext()))
                .useDefaultResponseMessages(false);
    }

    private OAuth oauth() {
        List<AuthorizationScope> authorizationScopeList = new ArrayList<>();
        List<GrantType> grantTypes = new ArrayList<>();
        GrantType creGrant = new ClientCredentialsGrant(oauthTokenRequestURL);
        grantTypes.add(creGrant);
        return new OAuth("oauth2schema", authorizationScopeList, grantTypes);
    }

    private ApiInfo apiInfo() {
        return new ApiInfoBuilder()
                .title("Blah")
                .description("Blah")
                .version("2019.0.1")
                .contact(new Contact("Blah", "", ""))
                .build();
    }

    private SecurityContext securityContext() {
        return SecurityContext
                .builder()
                .securityReferences(defaultAuth())
                .forPaths(PathSelectors.regex("/.*"))
                .build();
    }

    private List<SecurityReference> defaultAuth() {
        final AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
        final AuthorizationScope[] authorizationScopes = new AuthorizationScope[] { authorizationScope };
        return Collections.singletonList(new SecurityReference(securitySchemaOAuth2, authorizationScopes));
    }
}
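
In a Swagger 2 document, each operation's security requirement is resolved by name against securityDefinitions, so the name and scopes given to SecurityReference have to match those of the OAuth scheme. The check below is an added example, not code from the question or from springfox. It runs over a constructed document that assumes swagger.oauth2.security.schema resolves to its default "oauth2" while the scheme is registered as "oauth2schema"; the tokenUrl is a placeholder.

```python
# Added example: lint a Swagger 2 document (e.g. the JSON served at /v2/api-docs)
# for security requirements that no defined scheme can satisfy.
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed sample, not captured output. Assumption: the scheme is defined as
# "oauth2schema" with no scopes, while operations reference "oauth2"/"global".
SPEC = {
    "swagger": "2.0",
    "securityDefinitions": {
        "oauth2schema": {
            "type": "oauth2",
            "flow": "application",
            "tokenUrl": "https://gateway.example/oauth/accesstoken",  # placeholder
            "scopes": {},
        }
    },
    "paths": {"/start": {"post": {"security": [{"oauth2": ["global"]}]}}},
}


def lint_security(spec):
    """Return (location, problem) tuples for unresolvable security requirements."""
    definitions = spec.get("securityDefinitions", {})
    findings = []

    def check(location, requirements):
        for requirement in requirements or []:
            for name, scopes in requirement.items():
                scheme = definitions.get(name)
                if scheme is None:
                    findings.append((location, f"undefined scheme '{name}'"))
                    continue
                if scheme.get("type") != "oauth2":
                    continue  # scopes only apply to oauth2 schemes
                for scope in scopes:
                    if scope not in scheme.get("scopes", {}):
                        findings.append(
                            (location, f"scope '{scope}' not declared by '{name}'"))

    check("(global)", spec.get("security"))  # document-level requirement
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method in HTTP_METHODS and isinstance(operation, dict):
                check(f"{method.upper()} {path}", operation.get("security"))
    return findings


if __name__ == "__main__":
    for location, problem in lint_security(SPEC):
        print(f"{location}: {problem}")
```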