如何解决GitHub OAuth2和Swagger UI
我正在尝试通过OAuth2身份验证使用Swagger UI。 我正在使用GitHub作为OAuth2提供程序。 OpenAPI规范配置如下:
security:
- github-oauth2:
- read:user
components:
securitySchemes:
github-oauth2:
type: oauth2
description: GitHub OAuth2
flows:
authorizationCode:
authorizationUrl: https://github.com/login/oauth/authorize
tokenUrl: /github/login/oauth/access_token
scopes:
read:user: Read user info
当我单击图标进行身份验证时,将打开以下弹出窗口:
当我单击“授权”时,可以看到执行了以下Ajax调用:
curl 'https://github.com/login/oauth/access_token' \
-H 'Accept: application/json,text/plain,*/*' \
-H 'Content-Type: application/x-www-form-urlencoded' \
--data-raw 'grant_type=authorization_code&code=e84fe8fbcfc14f3ea7eb&client_id=20352f8b20b8b15760e7&client_secret=xxxxxxx&redirect_uri=https%3A%2F%2Flocalhost%2Foauth2-redirect.html' \
--compressed \
--insecure -D - -o output.txt
error=bad_verification_code&error_description=The+code+passed+is+incorrect+or+expired.&error_uri=https%3A%2F%2Fdocs.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-oauth-app-access-token-request-errors%2F%23bad-verification-code
响应的标题是:
Date: Sat,07 Nov 2020 21:13:03 GMT
Content-Type: application/x-www-form-urlencoded; charset=utf-8
transfer-encoding: chunked
Server: GitHub.com
Status: 200 OK
vary: X-PJAX
ETag: W/"247b44249fccede96d6031934fdd6443"
Cache-Control: max-age=0,private,must-revalidate
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Referrer-Policy: origin-when-cross-origin,strict-origin-when-cross-origin
Expect-CT: max-age=2592000,report-uri="https://api.github.com/_private/browser/errors"
Content-Security-Policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; connect-src 'self' uploads.github.com www.githubstatus.com collector.githubapp.com api.github.com www.google-analytics.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com; frame-ancestors 'none'; frame-src render.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com collector.githubapp.com github-cloud.s3.amazonaws.com *.githubusercontent.com; manifest-src 'self'; media-src 'none'; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/socket-worker.js gist.github.com/socket-worker.js
vary: Accept-Encoding,Accept,X-Requested-With
vary: Accept-Encoding
X-GitHub-Request-Id: E67D:B003:F0125B:1586D8A:5FA70DDF
我不确定自己在做什么错。
解决方法
我只是使用了错误的范围。正确的配置是:
security:
- github-oauth2:
- read:user
components:
securitySchemes:
github-oauth2:
type: oauth2
description: GitHub OAuth2
flows:
authorizationCode:
authorizationUrl: https://github.com/login/oauth/authorize
tokenUrl: /github/login/oauth/access_token
scopes:
user: Read user info
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
