swagger UI for Spring Boot API : How to add “audience” in request body for authorising “client credentials” flow

Question

swagger UI for Spring Boot API : How to add “audience” in request body for authorising “client credentials” flow

ShradhaFielddata opened this issue 6 years ago · 0 comments

I have generated swagger UI documentation from my spring boot API, the API is secured using oauth2 client credentials grant from auth0.

The problem is that:
In the swagger configuration, I am unable to set the "audience" request body parameter while authorisation.
Thus, swagger ui is not authenticating the API.

I am following this documentation:
https://www.baeldung.com/swagger-2-documentation-for-spring-rest-api

pom.xml:

	<dependency>
	    <groupId>io.springfox</groupId>
	    <artifactId>springfox-swagger-ui</artifactId>
	    <version>2.9.2</version>  
	</dependency>
	
	<dependency>
	    <groupId>io.springfox</groupId>
	    <artifactId>springfox-swagger2</artifactId>
	    <version>2.9.2</version> 
	</dependency>

SwaggerConfig.Java:

	@Configuration
	@EnableSwagger2
	public class SwaggerConfig {                                    
	
	
	String token_endpoint = "xxxx";
	
	
		@Bean
		public Docket api() {                
		    return new Docket(DocumentationType.SWAGGER_2)          
		      .select()                                       
		      .apis(RequestHandlerSelectors.basePackage("xxxx.controller"))
		      .paths(PathSelectors.any())                     
		      .build()
		      .apiInfo(apiInfo())
		      .useDefaultResponseMessages(false)
		      .securitySchemes(Arrays.asList(securityScheme()))
		      .securityContexts(Arrays.asList(securityContext()));
		}
		
	    	
	
	
		private ApiInfo apiInfo() {
		    return new ApiInfo(
		      "xxxx API", 
		      "Some description of API.", 
		      "xxxx", 
		      "Terms of service", 
		      new Contact("xx", "xxxx", "xxxx"), 
		      "License of API", "xxxx", Collections.emptyList());
		} 
	  
		
		
	    public void addResourceHandlers(ResourceHandlerRegistry registry) {
		    registry.addResourceHandler("swagger-ui.html")
		      .addResourceLocations("classpath:/META-INF/resources/");
		 
		    registry.addResourceHandler("/webjars/**")
		      .addResourceLocations("classpath:/META-INF/resources/webjars/");
		}
	    
	   @Bean
	    public SecurityConfiguration security() {
		   
		   
	        return SecurityConfigurationBuilder.builder()
	        	.appName("xxxx")
	            .clientId("")
	            .clientSecret("")
	            .build();
	        
	    }
	    
	    private SecurityScheme securityScheme() {
	        GrantType grantType = new ClientCredentialsGrant(token_endpoint);
	        SecurityScheme oauth = new OAuthBuilder().name("spring_oauth")
	            .grantTypes(Arrays.asList(grantType))
	            .build();
	        return oauth;
	    }
	   
	    
	
		private SecurityContext securityContext() {
	        return SecurityContext.builder()
	          .forPaths(PathSelectors.any())
	          .build();
	    }  
	    
	
	    
	}

The response is as 403 Forbidden and this is because, I am not able to provide "audience" in the request body during authorization:

"error_description": "Non-global clients are not allowed access to APIv1"