github - GitHub OAuth2 和 Swagger UI

问题描述

我正在尝试将 Swagger UI 与 OAuth2 身份验证一起使用。我使用 GitHub 作为 OAuth2 提供者。OpenAPI 规范配置如下：

security:
  - github-oauth2:
      - read:user
components:
  securitySchemes:
    github-oauth2:
      type: oauth2
      description: GitHub OAuth2
      flows:
        authorizationCode:
          authorizationUrl: https://github.com/login/oauth/authorize
          tokenUrl: /github/login/oauth/access_token
          scopes:
            read:user: Read user info

当我单击该图标进行身份验证时，将打开以下弹出窗口：

当我单击“授权”时，我可以看到执行了以下 Ajax 调用：

curl 'https://github.com/login/oauth/access_token' \
  -H 'Accept: application/json, text/plain, */*' \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-raw 'grant_type=authorization_code&code=e84fe8fbcfc14f3ea7eb&client_id=20352f8b20b8b15760e7&client_secret=xxxxxxx&redirect_uri=https%3A%2F%2Flocalhost%2Foauth2-redirect.html' \
  --compressed \
  --insecure -D - -o output.txt

响应代码为 200，但正文包含错误：

error=bad_verification_code&error_description=The+code+passed+is+incorrect+or+expired.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-oauth-app-access-token-request-errors%2F%23bad-verification-code

响应的标头是：

Date: Sat, 07 Nov 2020 21:13:03 GMT
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Transfer-Encoding: chunked
Server: GitHub.com
Status: 200 OK
Vary: X-PJAX
ETag: W/"247b44249fccede96d6031934fdd6443"
Cache-Control: max-age=0, private, must-revalidate
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
X-Frame-Options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Expect-CT: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
Vary: Accept-Encoding, Accept, X-Requested-With
Vary: Accept-Encoding
X-GitHub-Request-Id: E67D:B003:F0125B:1586D8A:5FA70DDF

我不确定我做错了什么。

标签： githuboauth-2.0swagger-ui