Comments (20)
Hi. I've worked through this problem and have came up with a basic SWAGGER_SETTINGS for anyone having issues to reference.
This example works on a local server that is doing both authenticating and authorizing. It works on Django 2.0.
https://github.com/Vigrond/django_oauth2_example
from drf-yasg.
I'm going to close this issue. Please do report back with any further findings, and meanwhile I'm going to look into making the redirect url configurable (and also allowing arbitrary configuration variables), maybe even make the templates extensible.
from drf-yasg.
Hello @andruten
Sadly I have no idea about OAuth, so I don't think I can help you very much.
Have you tried watching the Network tab in the browser to see what goes wrong?
Could it be that the missing piece of your puzzle is the redirect URI? (https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/configuration.md#network) - if it's this, there is currently no way to set it, but you could temporarily edit the swagger-ui-init.js
static file of this app in order to add it and see if it helps anything:
var swaggerConfig = {
oauth2RedirectUrl: '*correct url here*',
url: specURL,
dom_id: '#swagger-ui',
displayOperationId: true,
.
.
.
If that does not help, I really have no idea. You could try searching just for "swagger-ui oauth2" problems, since the issue is probably only loosely related to this library.
from drf-yasg.
Thank you so much @axnsan12. I'll take a look and i'll let you know!
from drf-yasg.
Have you had any success with this?
from drf-yasg.
Nope, it didn't work.
Finally, i changed the SWAGGER_SETTINGS
to this:
SWAGGER_SETTINGS = {
"USE_SESSION_AUTH": False,
"SECURITY_DEFINITIONS": {
"api_key": {
"type": "apiKey",
"name": "access_token",
"in": "header"
},
"google_oauth": {
"type": "oauth2",
"authorizationUrl": "http://127.0.0.1:8000/auth/login/google-oauth2",
"tokenUrl": "http://localhost:8000/auth/token",
"flow": "accessCode",
}
}
}
And the current flow is
GET /auth/login/google-oauth2?response_type=code&client_id={client_id}&redirect_uri=http%3A%2F%2Flocalhost%3A3200%2Foauth2-redirect.html&state={state}
GET /auth/login/google-oauth2/?response_type=code&client_id={client_id}&redirect_uri=http%3A%2F%2Flocalhost%3A3200%2Foauth2-redirect.html&state={state}
GET /auth/complete/google-oauth2/?state={state}&code={code}
There is a parameter called redirect_uri with http://localhost:3200/oauth2-redirect.html
value but that template it's not exposed in my project.
And i'm stucked there. Do you have any clues?
Thank you :).
from drf-yasg.
Yes, that looks like what I said above. It's not currently exposed, so I'd have to ask you to try and modify it in the library files (in your site-packagesπ±), just to see if it works/has the desired effect.
If that is the case, we can work out a way to make it configurable from client code.
from drf-yasg.
Ok, i'll do it and i'll tell you πͺ .
Thank you!
from drf-yasg.
This might also be relevant: https://github.com/swagger-api/swagger-ui/blob/master/docs/usage/oauth2.md
π€
from drf-yasg.
Hmmmm, interesting. Where is that class creation?
from drf-yasg.
My guess would be that you'd add it here:
(SwaggerUIBundle seems to be the deprecated name of SwaggerUI, will change that some time...)from drf-yasg.
ok, i'll have a try!
from drf-yasg.
The problem is http://localhost:3200/oauth2-redirect.html or http://localhost:8000/oauth2-redirect.html aren't exposed either. What can i expose that url? directly in my urls.py file and creating a view?
from drf-yasg.
Anyway, it didn't worked as expected. I can see the redirections but /oauth2-redirect.html is not beign reached in the flow.
from drf-yasg.
Well, I don't know. So you have your OAuth otherwise working? I would think this is part of the normal usage.
My guess would be that you have to create an endpoint on your server which gets called by Google when someone successfully authenticates. Google's oauth documentation would probably help.
from drf-yasg.
Yes, i think i'll do that. Thank you for your help :).
from drf-yasg.
Thank you @Vigrond!
from drf-yasg.
Hello @Vigrond, that looks great! Would you mind if I included your sample into the documentation? See #90.
from drf-yasg.
@axnsan12 looks good! thanks for the ref!
from drf-yasg.
@axnsan12 you may want to include a note to ensure their application's redirect_url is specified to swagger's static url. (/static/drf-yasg/swagger-ui-dist/oauth2-redirect.html) or they'll get a mismatched redirect error
from drf-yasg.
Related Issues (20)
- 1.21.6 - Missing redoc.min.map HOT 13
- get_schema_fields breaks when using django-filters after last update HOT 2
- Redirect URL is not being processed in Django 4.2 when using oauth2 implicit flow HOT 1
- coreschema does not get installed with 1.21.6 HOT 4
- Can I use swagger_auto_schema in generic views?
- Vulnerability Issue
- `SerializerMethodField` return type is always 'STRING' when a file uses `from __future__ import annotations` due to PEP 563 HOT 2
- Animation not working on brave browser
- swagger_serializer_method does not work with partialmethod
- Headers Not Getting Sent Along with Request!
- Wrong Base URL: localhost HOT 2
- Add Python 3.12 Support HOT 1
- from pkg_resources import DistributionNotFound, get_distribution `ModuleNotFoundError: No module named 'pkg_resources`
- Export enums with drf-yasg to Swagger: Works in responses serializers but not in query_serializer
- Showing the read_only fields in the serializer in the post /swagger template in (ForignKeyFields)
- Django5 not supported? HOT 1
- tags hierarchy (sub-tags grouping)
- How can i remove default urls generated by base_url of router from swagger ui ??
- django_filters is not compatible
- Login with JWT
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from drf-yasg.