Integrate Keycloak with Swagger


Christina Lau

Aug 26, 2014, 6:50:36 AM
to swagger-sw...@googlegroups.com
Hi,

I am trying to integrate Swagger with Red Hat Keycloak (http://keycloak.jboss.org/) as the OAuth server for my RestEasy Restful services.

If I have a secured REST URL on a plain HTML page using href, when I click on it, it takes me to the Keycloak login screen (if I am not logged in).

Now if I use Swagger Try it link, somehow, the Keycloak login screen overlaps in the middle of the Swagger UI screen and it is a big mess (can't really see either screen UI).

Can you tell me how I can accomplish this integration? I read the Scala OAuth2 samples but am not following what to do. For example, what values to put into the HTML for my app Id? I have a corresponding realm and client id in Keycloak, are those the values you want?

Thx for any help.

Christina

Ron

Aug 26, 2014, 7:07:52 AM
to swagger-sw...@googlegroups.com
Hi Christina,

Can you please share some more details about your OAuth2 configuration?
Which OAuth2 flow do you use?
Can you share the authorization declaration in your swagger spec?




Christina Lau

Aug 26, 2014, 8:36:24 AM
to swagger-sw...@googlegroups.com
Hi Ron, thx for the quick responses. Keycloak is using an OAuth bearer token. In an HTTP call, this is what it looks like:

httprequest.setHeader("Authorization", "Bearer " + getAccessToken());

Unfortunately, I am not quite sure how to set up the Swagger auth spec in Java.
Can you send a pointer please?

Here is my app running on EC2:

http://ec2-54-84-240-18.compute-1.amazonaws.com:8080/dsgapi/

Click on item 3, Try it out. Then you will see Swagger.

Now say click on Get blueprints, and you will see Keycloak login buried underneath.

Now if you enter this URL:

http://ec2-54-84-240-18.compute-1.amazonaws.com:8080/dsgapi/blueprints/

You will see the Keycloak login challenge screen.

I noticed in your petstore sample you have your own login. I don't know if this is what you get after you set up the Swagger spec or not.

But I would like to have my Keycloak login screen instead. Is that possible? If yes, how should I implement it?

Thanks for your help!

Christina






Ron

Aug 26, 2014, 8:41:23 AM
to swagger-sw...@googlegroups.com
Hi Christina,

It does look like you've skipped a few steps with regard to swagger and oauth2 declaration/configuration.
As a first step, can you please go over this blog post - http://developers-blog.helloreverb.com/enabling-oauth-with-swagger? It would give you pointers as to what you need to do in your spec and in swagger-ui in order to enable support for it.


Also, how do you produce your swagger spec? Is it manually written or using some library? If a library, which one?

Christina Lau

Aug 26, 2014, 8:51:03 AM
to swagger-sw...@googlegroups.com
I am using this import com.wordnik.swagger.annotations.* in Java. I added @Api, @ApiOperation, @ApiResponses and using swagger 1.3.

        <dependency>
            <groupId>com.wordnik</groupId>
            <artifactId>swagger-annotations_2.9.1</artifactId>
            <version>${swagger-version}</version>
        </dependency>
        <dependency>
            <groupId>com.wordnik</groupId>
            <artifactId>swagger-core_2.9.1</artifactId>
            <version>${swagger-version}</version>
        </dependency>
        <dependency>
            <groupId>com.wordnik</groupId>
            <artifactId>swagger-jaxrs_2.9.1</artifactId>
            <version>${swagger-version}</version>
        </dependency>

I have read the article, but still I don't understand what to specify in the initOAuth JS, what is the appName etc?

I also don't understand what authorizationScope is; what does "write:pets" mean?

Finally, is there a Java sample that works out of the box? I can only find a Scala version.


Ron

Aug 26, 2014, 9:29:29 AM
to swagger-sw...@googlegroups.com
Okay, that's a very old version.

Please change the artifactId to swagger-jaxrs_2.10 (you only need the jax-rs one, it'll pull in everything else), and for version use 1.3.7.

I don't think you need to worry about the initOAuth's appName for now.

As for the authorizationScope, it's part of OAuth2. Normally, the OAuth2 provider will allow you to pick scopes of available information to the client. That really depends on what you have configured in your server.

Looking at your api-docs (http://ec2-54-84-240-18.compute-1.amazonaws.com:8080/dsgapi/api-docs), you don't have authorizations configured at all.

As for a Java sample, I'm afraid I can't find one at the moment. However, using the scala sample as a base should be easy enough.
If you take a look here - https://github.com/wordnik/swagger-core/blob/master/samples/scala-jaxrs/src/main/scala/com/wordnik/swagger/sample/Bootstrap.scala, the code is pretty simple and even if you don't know scala, converting to java should be fairly straightforward.

Christina Lau

Aug 26, 2014, 1:04:04 PM
to swagger-sw...@googlegroups.com
Hi Ron, thx for the pointers, I am able to make some progress. I can now see the button, and when I click on it, I get a redirect to my login screen (after clicking ok). However, the redirect URL is not correct, and I am not sure how to set it up.

This is the URL swagger is redirecting to, I am not sure what that scope is even though I removed the scope completely.

http://localhost:8080/auth/realms/DSG_API/tokens/login?redirect_uri=%2Fdsgapi?response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fo2c.html&realm=DSG_API&client_id=dsgapi&scope=

This is what I need the URL to be (i.e. if I click on the HTML link directly, it will do this):

http://localhost:8080/auth/realms/DSG_API/tokens/login?client_id=dsgapi&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fdsgapi%2Fblueprints%2F&state=206%2F955bee69-39d3-4751-80f1-498ffebc687f&login=true

I didn't change the code on EC2 yet, but I can if you need to look at it.
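
Added example, not part of the thread and not swagger-ui's own code: the first URL quoted in the post above contains two `?` separators and two `redirect_uri` parameters. The sketch below parses it with the standard `URL` API to show what a server would actually receive, then merges the OAuth parameters without duplication. `diagnose` and `buildAuthUrl` are hypothetical helpers, and the idea that the configured login URL already carried its own query string is an assumption.

```javascript
// OBSERVED is copied from the post; everything else here is illustrative.
const OBSERVED =
  "http://localhost:8080/auth/realms/DSG_API/tokens/login?redirect_uri=%2Fdsgapi" +
  "?response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fo2c.html" +
  "&realm=DSG_API&client_id=dsgapi&scope=";

// Report structural problems an OAuth server or a reviewer would trip over.
function diagnose(urlString) {
  const url = new URL(urlString);
  const problems = [];
  const seen = new Map();
  for (const [key, value] of url.searchParams) {
    if (!seen.has(key)) seen.set(key, []);
    seen.get(key).push(value);
  }
  for (const [key, values] of seen) {
    if (values.length > 1) problems.push(`duplicate parameter: ${key}`);
    // A literal "?" in a decoded value means a second query string was glued on.
    if (values.some((v) => v.includes("?"))) problems.push(`query string embedded in: ${key}`);
  }
  if (!seen.has("response_type")) problems.push("response_type missing");
  return { params: seen, problems };
}

// Merge OAuth parameters into a base URL that may already carry a query string.
// set() replaces an existing key instead of appending a second copy.
function buildAuthUrl(base, params) {
  const url = new URL(base);
  for (const [key, value] of Object.entries(params)) {
    if (value !== undefined && value !== "") url.searchParams.set(key, value);
  }
  return url.toString();
}

const report = diagnose(OBSERVED);
console.log(report.problems);
console.log(buildAuthUrl(
  "http://localhost:8080/auth/realms/DSG_API/tokens/login?redirect_uri=%2Fdsgapi",
  { response_type: "token", redirect_uri: "http://localhost:8080/o2c.html",
    realm: "DSG_API", client_id: "dsgapi", scope: "" }
));
```

The first `redirect_uri` swallows `?response_type=token`, so the server never sees a `response_type` parameter at all.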
