github - GitHub OAuth2 和 Swagger UI
问题描述
我正在尝试将 Swagger UI 与 OAuth2 身份验证一起使用。我使用 GitHub 作为 OAuth2 提供者。OpenAPI 规范配置如下:
security:
- github-oauth2:
- read:user
components:
securitySchemes:
github-oauth2:
type: oauth2
description: GitHub OAuth2
flows:
authorizationCode:
authorizationUrl: https://github.com/login/oauth/authorize
tokenUrl: /github/login/oauth/access_token
scopes:
read:user: Read user info
当我单击该图标进行身份验证时,将打开以下弹出窗口:
当我单击“授权”时,我可以看到执行了以下 Ajax 调用:
curl 'https://github.com/login/oauth/access_token' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-raw 'grant_type=authorization_code&code=e84fe8fbcfc14f3ea7eb&client_id=20352f8b20b8b15760e7&client_secret=xxxxxxx&redirect_uri=https%3A%2F%2Flocalhost%2Foauth2-redirect.html' \
--compressed \
--insecure -D - -o output.txt
响应代码为 200,但正文包含错误:
error=bad_verification_code&error_description=The+code+passed+is+incorrect+or+expired.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-oauth-app-access-token-request-errors%2F%23bad-verification-code
响应的标头是:
Date: Sat, 07 Nov 2020 21:13:03 GMT
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Transfer-Encoding: chunked
Server: GitHub.com
Status: 200 OK
Vary: X-PJAX
ETag: W/"247b44249fccede96d6031934fdd6443"
Cache-Control: max-age=0, private, must-revalidate
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Vary: Accept-Encoding, Accept, X-Requested-With
Vary: Accept-Encoding
X-GitHub-Request-Id: E67D:B003:F0125B:1586D8A:5FA70DDF
我不确定我做错了什么。
解决方案
我只是使用了错误的范围。正确的配置是:
security:
- github-oauth2:
- read:user
components:
securitySchemes:
github-oauth2:
type: oauth2
description: GitHub OAuth2
flows:
authorizationCode:
authorizationUrl: https://github.com/login/oauth/authorize
tokenUrl: /github/login/oauth/access_token
scopes:
user: Read user info
推荐阅读
- sql - 为什么我的子查询在我的查询中没有返回结果,但在自己运行时正常返回?
- ruby-on-rails - 为什么工厂机器人会将传入的属性归零?我怎样才能让它不这样做?
- javascript - Javascript数组,返回键:具有特定键的值对
- openpyxl - openpyxl - gt 2.5.8 版本中的 col_idx、column、column_letter
- bash - bash 遍历哈希表
- json - 如何比较字符串中特定位置的字符来识别处理路径
- python - 如何使用 Selenium 和 BeautifulSoup 进行循环
- customization - 如何自定义 Wagtail 页面复制体验?
- scala - Spark多个动态聚合函数,countDistinct不起作用
- java - Cucumber中如何将获取Webdriver配置、关闭资源等常用方法放到一个通用类中?