swagger-ui: OAuth2 Password Flow is broken in Swagger UI 3.x

I use http://petstore.swagger.io/ with this config http://flask-restplus-example-server.herokuapp.com/api/v1/swagger.json.

First of all, there is no scopes selection, which seems to be the source of the following bug. If I just enter the credentials, I get the following traceback:

swagger-ui-bundle.js:51 Uncaught TypeError: t.map is not a function
    at c (http://petstore.swagger.io/js/swagger-ui-bundle.js:71:30290)
    at http://petstore.swagger.io/js/swagger-ui-bundle.js:71:30534
    at Array.reduce (native)
    at l (http://petstore.swagger.io/js/swagger-ui-bundle.js:71:30362)
    at Object.p [as mergeInQueryOrForm] (http://petstore.swagger.io/js/swagger-ui-bundle.js:71:31273)
    at Object.fetch (http://petstore.swagger.io/js/swagger-ui-bundle.js:71:31444)
    at http://petstore.swagger.io/js/swagger-ui-bundle.js:81:5588
    at Object.dispatch (http://petstore.swagger.io/js/swagger-ui-bundle.js:41:3805)
    at dispatch (<anonymous>:2:1507)
    at Object.authorizePassword (http://petstore.swagger.io/js/swagger-ui-bundle.js:34:2323)

/cc @webron @bodnia @MugeSo @hkulekci @HugoMario @vpandey-rms @wimpers @bundabrg @danballance (I am sorry for the possible spam, but you were interested in #2397, so I figured I would let you know about the issue).

About this issue

  • State: closed
  • Created 7 years ago
  • Reactions: 1
  • Comments: 22 (8 by maintainers)

Most upvoted comments

@bodnia Oh, my! I am so sorry for the trouble! (It would be great to have a nicer error message there…)

@frol the error is caused by tokenUrl in securityDefinitions:

"tokenUrl": "/auth/oauth2/token"

Since it is a relative path, fetch cannot call it. The following works OK:

"securityDefinitions": {
  "oauth2_password": {
    "flow": "password",
    "scopes": {
      "auth:read": "Provide access to auth details",
      "auth:write": "Provide write access to auth details",
      "teams:read": "Provide access to team details",
      "teams:write": "Provide write access to team details",
      "users:read": "Provide access to user details",
      "users:write": "Provide write access to user details"
    },
    "tokenUrl": "http://flask-restplus-example-server.herokuapp.com/auth/oauth2/token",
    "type": "oauth2"
  }
}

Displaying and sending scopes as a query parameter has been merged to the latest master.
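
The relative tokenUrl reported above can be caught before a spec reaches Swagger UI. The following is an added example, not part of the original thread or of Swagger UI's code: it flags oauth2 security definitions whose tokenUrl or authorizationUrl is not an absolute http(s) URL, and also flags a password-flow tokenUrl on plain http, because the user's credentials are posted to that URL. The function names, the finding labels and the specUrl parameter are assumptions.

```javascript
// Added example: lint the OAuth2 URLs in a Swagger 2.0 securityDefinitions object.
const OAUTH_URL_FIELDS = ["tokenUrl", "authorizationUrl"];

// Parse without throwing; returns null for input that is not a valid URL.
function tryUrl(value, base) {
  try { return new URL(value, base); } catch (e) { return null; }
}

// specUrl (assumption): the URL the spec was loaded from, used only to suggest a fix.
function lintSecurityDefinitions(spec, specUrl) {
  const findings = [];
  for (const [name, def] of Object.entries(spec.securityDefinitions || {})) {
    if (def.type !== "oauth2") continue;
    for (const field of OAUTH_URL_FIELDS) {
      const value = def[field];
      if (typeof value !== "string") continue;
      const abs = tryUrl(value); // null for relative input such as "/auth/oauth2/token"
      if (!abs || !/^https?:$/.test(abs.protocol)) {
        // The failure reported in this thread: a relative tokenUrl.
        const fixed = specUrl ? tryUrl(value, specUrl) : null;
        findings.push({ name, field, issue: "not-absolute", value,
                        suggestion: fixed ? fixed.href : null });
      } else if (field === "tokenUrl" && def.flow === "password" && abs.protocol === "http:") {
        // Password flow posts the user's credentials to tokenUrl; plain http exposes them.
        findings.push({ name, field, issue: "cleartext-credentials", value, suggestion: null });
      }
    }
  }
  return findings;
}

// Constructed samples based on the snippets quoted in this thread.
const SPEC_URL = "http://flask-restplus-example-server.herokuapp.com/api/v1/swagger.json";
const brokenSpec = { securityDefinitions: { oauth2_password: {
  type: "oauth2", flow: "password", tokenUrl: "/auth/oauth2/token",
  scopes: { "auth:read": "Provide access to auth details" } } } };
const fixedSpec = { securityDefinitions: { oauth2_password: {
  type: "oauth2", flow: "password",
  tokenUrl: "http://flask-restplus-example-server.herokuapp.com/auth/oauth2/token",
  scopes: { "auth:read": "Provide access to auth details" } } } };

for (const spec of [brokenSpec, fixedSpec]) {
  console.log(JSON.stringify(lintSecurityDefinitions(spec, SPEC_URL), null, 2));
}
```
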

@bodnia - can you take a look at this? I believe we fixed it in an alternative build, but maybe the fix didn’t get here as well.

@Minasokoni - if you try to load the provided spec, the global Authorize button does not appear (guessing it’s related to https://github.com/swagger-api/swagger-ui/pull/2750) and the Authorize button for individual operations does not open (at least in FF). I’ve checked in 3.0.1 and it wasn’t an issue.