azure-functions-openapi-extension: OAuth2 Workflow - oauth2-redirect.html not found

While implementing an OAuth2 workflow for the API documentation, I’m getting the issue that the redirect page can’t be found. E.g. for a locally running function, http://localhost:7071/oauth2-redirect.html can’t be found (404) after successful authentication.

My OpenApiOAuthSecurityFlows looks like this:

class TestOAuth2 : OpenApiOAuthSecurityFlows
{
    public TestOAuth2()
    {
        this.Implicit = new OpenApiOAuthFlow()
        {
            AuthorizationUrl = new Uri("https://xxxx.b2clogin.com/xxxx.onmicrosoft.com/oauth2/v2.0/authorize?p=workflow_id"),
            Scopes = { { "https://xxxx.onmicrosoft.com/xxxx-xxx/API.User", "API Access" } },
            TokenUrl = new Uri("https://xxxx.b2clogin.com/xxxx.onmicrosoft.com/oauth2/v2.0/token?p=workflow_id")
        };
    }
}

Am I missing some configuration for the redirect page?

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 23 (16 by maintainers)

Most upvoted comments

@justinyoo Thanks a lot! I tested it and now OAuth is working as expected!

@Derich367 @svrooij v0.5.1-preview has been released including this hotfix.

I also tested this, and your solution works!

I have one more improvement: the Swagger UI is available at /api/swagger/ui, so I thought the redirect file would be available at api/swagger/oauth2-redirect.html (instead of /api/oauth2-redirect.html). That way you keep the API root clean of files that are used by Swagger.

@svrooij Thanks for the info! For now, I’ll fix the /api part, then extend the configuration.

The redirect URI is mandatory in the authorize/token request according to the OAuth2 specs. The authentication server has a list of allowed redirect URIs per application and only checks if the request URI is in the list. The specs have no room for other configuration.

According to this page you can set up Swagger to load a configuration URI upon load, which will then load all the configuration from some URL (which could also be a function). That way you would enable all sorts of configuration stuff.

You can also add the settings as an object in the original UI HTML (that is how it works in the ASP.NET Core Swagger package).

Next to this, it would also be very nice if there was some way to control these settings from the configuration.

Oh, it’s implemented and will be included in the next release. I’ll comment it when it’s released.

And just a quick work-around for anyone who is struggling with this: just add a proxies.json file with the following content:

{
  "$schema": "http://json.schemastore.org/proxies",
  "proxies": {
    "SwaggerUiRedirect": {
      "matchCondition": {
        "methods": [ "GET" ],
        "route": "/oauth2-redirect.html"
      },
      // I'm not sure if this URL is allowed, but you get the point.
      "backendUri": "https://petstore.swagger.io/oauth2-redirect.html"
    }
  }
}

OH! Is that mine? 🙈🙈🙈 I should implement it then. I totally overlooked that part. Thanks for letting me know!
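
The allowlist check described in the thread (the server "only checks if the request URI is in the list") can be modelled as below. This is an added example, not code from the extension or from any identity provider; the registered URIs, the function name and the https-outside-loopback rule are assumptions of the example. It shows why each location discussed here (`/oauth2-redirect.html`, `/api/oauth2-redirect.html`, `/api/swagger/oauth2-redirect.html`) needs its own exact entry in the app registration:

```javascript
// Constructed allowlist for a hypothetical app registration.
const REGISTERED = [
  "http://localhost:7071/api/oauth2-redirect.html",
  "https://contoso-func.example/api/oauth2-redirect.html",
];

// Assumption of this example: plain http is only tolerated on loopback hosts.
const LOOPBACK = new Set(["localhost", "127.0.0.1"]);

function checkRedirectUri(requested, registered = REGISTERED) {
  let url;
  try {
    url = new URL(requested); // throws on relative or malformed input
  } catch {
    return { ok: false, reason: "not an absolute URI" };
  }
  // A redirection endpoint must not carry a fragment component.
  if (requested.includes("#")) {
    return { ok: false, reason: "fragment not allowed" };
  }
  const httpOnLoopback = url.protocol === "http:" && LOOPBACK.has(url.hostname);
  if (url.protocol !== "https:" && !httpOnLoopback) {
    return { ok: false, reason: "https required outside loopback" };
  }
  // Simple string comparison: no prefix, wildcard or normalised matching.
  if (registered.includes(requested)) {
    return { ok: true, reason: "exact match" };
  }
  // Diagnostic only: list registered entries that share the origin.
  const sameOrigin = registered.filter((r) => new URL(r).origin === url.origin);
  if (sameOrigin.length > 0) {
    return { ok: false, reason: `path mismatch, registered on this origin: ${sameOrigin.join(", ")}` };
  }
  return { ok: false, reason: "origin not registered" };
}

// The three redirect locations that come up in this thread.
for (const uri of [
  "http://localhost:7071/oauth2-redirect.html",
  "http://localhost:7071/api/oauth2-redirect.html",
  "http://localhost:7071/api/swagger/oauth2-redirect.html",
]) {
  console.log(uri, "->", checkRedirectUri(uri).reason);
}
```

Moving the redirect page to a new path therefore also means updating the registered redirect URI at the identity provider, otherwise the authorization request is rejected before the page is ever loaded.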