They are role-based and user-based permissions.
I added this code to my Swagger index.html:
    ui.initOAuth({
      clientId: "gcid-alertas-restful-api",
      realm: "gcid",
      appName: "GCID Alertas Rest API",
      scopeSeparator: " ",
      additionalQueryStringParams: {}
    })
The resources map is:
/ for the Swagger UI
/rest/ for the WS (protected by Keycloak)
/site for the Maven site documentation
When I hit the "Authorize" button, it shows me the Swagger authorizations screen:
But when I fill all the data and press the button...
Fetch API cannot load http://-----:18080/auth/realms/gcid/protocol/openid-connect/token?client_id=gcid-alertas-restful-api&client_secret=client-secret. Request header field Access-Control-Allow-Origin is not allowed by Access-Control-Allow-Headers in preflight response.
But the UI doesn't send the user name and the password nor the grant type...
If I use curl I can get the token.
C:\Users\usuario>curl -d "client_id=gcid-alertas-restful-api" -d "client_secret=client-secret" -d "username=usuario1" -d "password=password" -d "grant_type=password" http://-----:18080/auth/realms/gcid/protocol/openid-connect/token
So... In summary, I have a REST API with a KC (OAuth2 server) and I want to link Swagger UI to the OAuth server to log in and test the methods... Is it working for you? I'm not sure what I'm doing wrong. :/
Thank you in advance,
Nestor Almeida.
P.S. CORS is enabled!
My securityDefinitions.json is:
    {
      "alertas_oauth": {
        "type": "oauth2",
        "authorizationUrl": "http://-----:18080/auth/realms/gcid/protocol/openid-connect/auth",
        "tokenUrl": "http://------:18080/auth/realms/gcid/protocol/openid-connect/token",
        "flow": "password",
        "scopes": {
          "urn:gcid.org:scopes:alertas:listar": "Permite la lectura de alertas",
          "urn:gcid.org:scopes:alertas:crear": "Permite la creación de alertas",
          "urn:gcid.org:scopes:alertas:editar": "Permite la modificiación de alertas",
          "urn:gcid.org:scopes:alertas:eliminar": "Permite la eliminación de alertas"
        }
      }
    }
----- is a replacement for the IP address
You need to enable CORS in Keycloak, it seems. A quick Google search came up with https://github.com/keycloak/keycloak/tree/master/examples/cors but there might be other more suitable resources.
--
You received this message because you are subscribed to the Google Groups "Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email to swagger-swaggers...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Same computer is not enough – they have to be hosted on the same server and the same port (i.e., the same application/service).
Only browsers are affected by CORS, which is why curl works as expected. Try fixing that first, then we can check for other issues.
From: <swagger-sw...@googlegroups.com> on behalf of Néstor Almeida <nestor.a...@gmail.com>
Reply-To: "swagger-sw...@googlegroups.com" <swagger-sw...@googlegroups.com>
Date: Tuesday, October 3, 2017 at 05:26
To: Swagger <swagger-sw...@googlegroups.com>
Subject: Re: Keycloak (OpenID-Connect OAuth) Swagger Integration
Client and server are on the same computer. This does not seem to be a CORS mistake. If I launch curl it works.
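The browser error quoted in the first post names a request header that the preflight response did not list. The following added example (not code from the thread, Swagger UI or Keycloak) models that browser-side check, which curl never performs; the origin `http://ui.example:8080` and the preflight reply values are constructed, and requests are assumed to be sent without credentials mode.

```javascript
// Added example: simplified model of the browser's CORS preflight decision.
// Left out: the Range header and length/byte limits on safelisted values.
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SIMPLE_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
const ALWAYS_OK = new Set(["accept", "accept-language", "content-language"]);
const tokens = (v) => (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// Request header names that force a preflight and must be listed by the server.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (ALWAYS_OK.has(n)) return false;
    if (n === "content-type") return !SIMPLE_TYPES.includes(value.split(";")[0].trim().toLowerCase());
    return true;
  }).map(([name]) => name.toLowerCase());
}

// request: { origin, method, headers }; preflight: OPTIONS reply headers, names lower-cased.
// `allowed` means the browser goes on to send the actual request.
function checkPreflight(request, preflight) {
  const method = request.method.toUpperCase();
  const unsafe = unsafeHeaders(request.headers);
  if (SIMPLE_METHODS.has(method) && unsafe.length === 0) {
    return { preflight: false, allowed: true, reason: "simple request, no preflight sent" };
  }
  const origin = preflight["access-control-allow-origin"];
  if (origin !== "*" && origin !== request.origin) {
    return { preflight: true, allowed: false, reason: "origin not allowed" };
  }
  const methods = tokens(preflight["access-control-allow-methods"]);
  if (!SIMPLE_METHODS.has(method) && !methods.includes(method.toLowerCase()) && !methods.includes("*")) {
    return { preflight: true, allowed: false, reason: `method ${method} not allowed` };
  }
  const listed = tokens(preflight["access-control-allow-headers"]);
  for (const name of unsafe) {
    // "*" covers any header except Authorization, which must be named explicitly.
    const ok = listed.includes(name) || (listed.includes("*") && name !== "authorization");
    if (!ok) return { preflight: true, allowed: false, reason: `request header ${name} not in Access-Control-Allow-Headers` };
  }
  return { preflight: true, allowed: true, reason: "preflight passed" };
}

// Constructed preflight reply from an identity server with CORS switched on.
const reply = {
  "access-control-allow-origin": "*",
  "access-control-allow-headers": "Origin, Accept, X-Requested-With, Content-Type, Authorization",
};
const form = { "Content-Type": "application/x-www-form-urlencoded" };
const base = { origin: "http://ui.example:8080", method: "POST" };
console.log(checkPreflight({ ...base, headers: { ...form, "Access-Control-Allow-Origin": "*" } }, reply));
console.log(checkPreflight({ ...base, headers: form }, reply));
```

The first call is blocked even though the server allows every origin, because `Access-Control-Allow-Origin` is a response header and is not safelisted when it appears on a request; the second call needs no preflight at all, although the token response itself must still carry `Access-Control-Allow-Origin` for the page to read it.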