is it possible to describe both implicit and application oauth flows without duplicating scope #510

Closed
balmas opened this issue Nov 15, 2015 · 2 comments

balmas commented Nov 15, 2015

Similar to #37, but I think not exactly the same.

Is it possible to describe with Swagger an API that allows you to use EITHER the implicit OR the application OAuth2 flows, where each has the same options for scopes? Using the swagger-ui, it seems to me that the scopes aren't deduplicated.

For example given this definition:

    "securityDefinitions": {
        "oauth_code": {
            "type": "oauth2",
            "authorizationUrl": "dmm_api/authorize",
            "flow": "application",
            "tokenUrl": "dmm_api/create_token",
            "scopes": {
                "create:identifier": "create an identifier"
            }
        },
        "oauth_app": {
            "type": "oauth2",
            "authorizationUrl": "dmm_api/authorize",
            "flow": "implicit",
            "scopes": {
                "create:identifier": "create an identifier"
            }
        }
    },
    "paths": {
        "/dmm_api/item/create": {
            "post": {
                "description": "Creates a new item",
                "operationId": "createItem",
                "tags": ["identifier"],
                "parameters": [{
                    "name": "comment", "type": "string"
                }],
                "security": [{
                    "oauth_code": ["create:identifier"]
                },
                {
                    "oauth_app": ["create:identifier"]
                }]
            }
        }
    }

The swagger-ui interprets these as two different scopes.

I might be misunderstanding either swagger or oauth here though...

Thanks!

Member

webron commented Nov 15, 2015

The example you gave describes the use case you presented. If you expect a different behavior in swagger-ui, please open a ticket there.

Author

balmas commented Nov 15, 2015

OK, thanks! This was the verification I wanted before opening a ticket on the swagger-ui.

Update:
and it seems the swagger-ui requests are already there :) For anyone else who might come upon this -- see items: swagger-api/swagger-ui#1644 swagger-api/swagger-ui#1410 swagger-api/swagger-ui#1383
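
As an added example (not code from this issue or from the Swagger project): a small Node.js check over a Swagger 2.0 document that lists each OAuth2 scope once together with the flows that offer it, and flags operation-level security requirements whose scope is not declared by the referenced definition. The document in `spec` is constructed, and the function names `scopesByName` and `undeclaredScopes` are hypothetical.

```javascript
// Constructed Swagger 2.0 document; the second requirement misspells its scope on purpose.
const spec = {
  securityDefinitions: {
    oauth_code: { type: "oauth2", flow: "application", tokenUrl: "dmm_api/create_token",
      scopes: { "create:identifier": "create an identifier" } },
    oauth_app: { type: "oauth2", flow: "implicit", authorizationUrl: "dmm_api/authorize",
      scopes: { "create:identifier": "create an identifier" } }
  },
  paths: {
    "/dmm_api/item/create": {
      post: { security: [{ oauth_code: ["create:identifier"] }, { oauth_app: ["create:identifer"] }] }
    }
  }
};

// Scope name -> flows that offer it, so a scope shared by several
// definitions is listed once instead of once per definition.
function scopesByName(doc) {
  const byName = new Map();
  for (const [defName, def] of Object.entries(doc.securityDefinitions || {})) {
    if (def.type !== "oauth2") continue;
    for (const scope of Object.keys(def.scopes || {})) {
      if (!byName.has(scope)) byName.set(scope, []);
      byName.get(scope).push({ definition: defName, flow: def.flow });
    }
  }
  return byName;
}

// Operation-level requirements naming an unknown definition (scope: null)
// or a scope that the referenced definition does not declare.
function undeclaredScopes(doc) {
  const defs = doc.securityDefinitions || {};
  const methods = ["get", "put", "post", "delete", "options", "head", "patch"];
  const problems = [];
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of methods.filter((m) => item[m])) {
      for (const requirement of item[method].security || []) {
        for (const [definition, scopes] of Object.entries(requirement)) {
          if (!defs[definition]) { problems.push({ path, method, definition, scope: null }); continue; }
          const declared = Object.keys(defs[definition].scopes || {});
          scopes.filter((s) => !declared.includes(s))
            .forEach((scope) => problems.push({ path, method, definition, scope }));
        }
      }
    }
  }
  return problems;
}
```

A requirement that references an undeclared scope is worth failing a build on, since the documented authorization and the scope a token is actually issued with can then differ without anyone noticing.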
