How to configure Authorization Code Grant with PKCE flow properly? #3118

Open
@VitorPaulinoG

Description

I'm using the latest version of SpringDoc OpenAPI. However, even after following all the steps to enable authentication with the Authorization Code Grant with PKCE flow through Swagger, the "client_secret is missing" message still appears.
And worse... if I enter the client secret (which shouldn't be required for this flow), Swagger displays the message that the code_verifier is invalid. This is probably because the code_challenge was not generated or was generated incorrectly.
Below is the current configuration:

```xml
<dependency>
    <groupId>org.springdoc</groupId>
    <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
    <version>2.8.13</version>
</dependency>
```
```yaml
spring:
  security:
    oauth2:
      resourceserver:
        jwt:
          issuer-uri: https://accounts.google.com
          jwk-set-uri: https://www.googleapis.com/oauth2/v3/certs
springdoc:
  swagger-ui:
    oauth:
      client-id: ${GOOGLE_CLIENT_ID}
      use-pkce-with-authorization-code-grant: true
      scopes: openid,email,profile
    # oauth2-redirect-url and config-url are springdoc.swagger-ui.* properties,
    # so they sit one level above the oauth block
    oauth2-redirect-url: http://localhost:8080/swagger-ui/oauth2-redirect.html
    config-url: /v3/api-docs/swagger-config
```
```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        return http
            .cors(cors -> cors.disable())
            .csrf(csrf -> csrf.disable())
            .authorizeHttpRequests(auth -> {
                // Swagger UI, the OpenAPI document and actuator are reachable without a token;
                // every other endpoint requires a valid JWT
                auth.requestMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                    .requestMatchers(
                        "/swagger-ui/**",
                        "/swagger-ui.html",
                        "/swagger-resources/**",
                        "/swagger-ui/oauth2-redirect.html",
                        "/swagger-resources",
                        "/v3/api-docs/**",
                        "/actuator/**",
                        "/webjars/**"
                    ).permitAll()
                    .anyRequest().authenticated();
            })
            // Validate bearer tokens as JWTs against the issuer/JWK set from application.yml
            .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults()))
            .build();
    }
}
```
```java
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.info.Info;
import io.swagger.v3.oas.models.security.OAuthFlow;
import io.swagger.v3.oas.models.security.OAuthFlows;
import io.swagger.v3.oas.models.security.Scopes;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class OpenApiConfig {

    @Bean
    OpenAPI openAPI() {
        final String securitySchemeName = "googleAuth";
        return new OpenAPI()
            .info(new Info().title("YouLyrics").version("1.0"))
            // Apply the scheme to every operation in the document
            .addSecurityItem(new SecurityRequirement().addList(securitySchemeName))
            .components(new Components()
                .addSecuritySchemes(securitySchemeName,
                    new SecurityScheme()
                        .type(SecurityScheme.Type.OAUTH2)
                        .description("Autenticação via Google (PKCE)")
                        // Authorization Code flow against Google's endpoints
                        .flows(new OAuthFlows()
                            .authorizationCode(new OAuthFlow()
                                .authorizationUrl("https://accounts.google.com/o/oauth2/v2/auth")
                                .tokenUrl("https://oauth2.googleapis.com/token")
                                .scopes(new Scopes()
                                    .addString("openid", "OpenID Connect scope")
                                    .addString("email", "Access to email")
                                    .addString("profile", "Access to basic profile")
                                )))));
    }
}
```

Please tell me what I'm doing wrong.
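The "code_verifier is invalid" message in the report is the token endpoint's response when the verifier it receives does not hash to the code_challenge that was sent with the original authorization request (or when no challenge was sent at all). The following is an added example, not code from springdoc or from the issue author, showing the RFC 7636 S256 derivation on the client side and the matching check on the authorization-server side, using the RFC's Appendix B test vector. Function names and the constructed values are this example's own.

```python
import base64
import hashlib
import re
import secrets

# Character set and length RFC 7636 section 4.1 allows for a code_verifier
_VERIFIER_RE = re.compile(r"^[A-Za-z0-9\-._~]{43,128}$")


def b64url_no_pad(raw: bytes) -> str:
    """Base64url without '=' padding, as RFC 7636 Appendix A specifies."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def generate_code_verifier(num_bytes: int = 32) -> str:
    """Client side: random verifier. 32 bytes encode to the 43-char minimum."""
    return b64url_no_pad(secrets.token_bytes(num_bytes))


def code_challenge_s256(code_verifier: str) -> str:
    """Client side: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))."""
    if not _VERIFIER_RE.match(code_verifier):
        raise ValueError("code_verifier must be 43-128 unreserved characters")
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return b64url_no_pad(digest)


def verify_code_verifier(stored_challenge: str, method: str,
                         presented_verifier: str) -> bool:
    """Server side (RFC 7636 section 4.6): recompute the challenge from the
    verifier presented at the token endpoint and compare it with the one
    stored alongside the authorization code. Any mismatch, including a
    challenge that was never sent, yields the 'invalid code_verifier' error."""
    if not _VERIFIER_RE.match(presented_verifier):
        return False
    if method == "S256":
        expected = code_challenge_s256(presented_verifier)
    elif method == "plain":
        expected = presented_verifier
    else:
        return False
    # constant-time comparison so timing does not leak the stored challenge
    return secrets.compare_digest(expected, stored_challenge)


# RFC 7636 Appendix B test vector (not a constructed value)
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"


def demo() -> dict:
    """Walk one authorization-code exchange and one failure case."""
    verifier = generate_code_verifier()
    challenge = code_challenge_s256(verifier)
    # The browser sends `challenge` with code_challenge_method=S256 on the
    # authorize request and `verifier` on the token request.
    return {
        "rfc_vector_matches": code_challenge_s256(RFC_VERIFIER) == RFC_CHALLENGE,
        "fresh_pair_accepted": verify_code_verifier(challenge, "S256", verifier),
        # a verifier from a different session (or a challenge the UI never
        # generated) is rejected, which is the symptom in the report above
        "other_verifier_rejected": not verify_code_verifier(
            challenge, "S256", generate_code_verifier()),
    }


if __name__ == "__main__":
    print(demo())
```

A useful check when debugging a Swagger UI PKCE setup is to capture the `code_challenge` query parameter on the redirect to the authorization endpoint and the `code_verifier` form field on the token request, then run them through `verify_code_verifier` as above; if the UI did not generate a challenge, the first parameter is simply absent.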
