-
-
Notifications
You must be signed in to change notification settings - Fork 545
Closed
@ddpoma
Description
Describe the bug
Setting the scopes in the OpenAPI specification from application YAML properties doesn't preserve the scope format as expected.
When I try to set the scopes like this:
scopes: write:pets: modify pets in your account read:pets: read your pets
or
scopes: "write:pets": modify pets in your account "read:pets": read your pets
The result is:
- writepets
- readpets
To Reproduce
Steps to reproduce the behavior:
- Create a Spring Boot application with the following dependencies:
- gradle 8.14.3
- org.springframework.boot:spring-boot-starter-web:3.5.5
- org.springdoc:springdoc-openapi-starter-webmvc-ui:2.8.9
- Add the following
application.ymlconfiguration:
server: port: 8080 spring: application: name: hello-application springdoc: swagger-ui: oauth: app-name: "Pet Auth Service" open-api: components: securitySchemes: petstore-oauth2: type: oauth2 flows: implicit: authorizationUrl: https://example.com/api/oauth/dialog scopes: write:pets: modify pets in your account read:pets: read your pets authorizationCode: authorizationUrl: https://example.com/api/oauth/dialog tokenUrl: https://example.com/api/oauth/token scopes: write:pets: modify pets in your account read:pets: read your pets
- Access the OpenAPI docs at http://localhost:8080/v3/api-docs and observe that the scopes are rendered as writepets and readpets, not write:pets and read:pets as expected.
{
"openapi": "3.1.0",
"info": {
"title": "OpenAPI definition",
"version": "v0"
},
"servers": [
{
"url": "http://localhost:8080",
"description": "Generated server url"
}
],
"paths": {
},
"components": {
"securitySchemes": {
"petstore-oauth2": {
"type": "oauth2",
"flows": {
"implicit": {
"authorizationUrl": "https://example.com/api/oauth/dialog",
"scopes": {
"writepets": "modify pets in your account",
"readpets": "read your pets"
}
},
"authorizationCode": {
"authorizationUrl": "https://example.com/api/oauth/dialog",
"tokenUrl": "https://example.com/api/oauth/token",
"scopes": {
"writepets": "modify pets in your account",
"readpets": "read your pets"
}
}
}
}
}
}
}Expected behavior
The output JSON should include the scopes in the correct format, like so:
{
"openapi": "3.1.0",
"info": {
"title": "OpenAPI definition",
"version": "v0"
},
"servers": [
{
"url": "http://localhost:8080",
"description": "Generated server url"
}
],
"paths": {
},
"components": {
"securitySchemes": {
"petstore-oauth2": {
"type": "oauth2",
"flows": {
"implicit": {
"authorizationUrl": "https://example.com/api/oauth/dialog",
"scopes": {
"write:pets": "modify pets in your account",
"read:pets": "read your pets"
}
},
"authorizationCode": {
"authorizationUrl": "https://example.com/api/oauth/dialog",
"tokenUrl": "https://example.com/api/oauth/token",
"scopes": {
"write:pets": "modify pets in your account",
"read:pets": "read your pets"
}
}
}
}
}
}
}Screenshots
Then in swagger ui the scopes also appears with the wrong format:
Additional context