cxf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sergey Beryozkin (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CXF-7137) Allow OAuth2 customization via Swagger2Feature
Date Thu, 17 Nov 2016 12:26:58 GMT

    [ https://issues.apache.org/jira/browse/CXF-7137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15673577#comment-15673577
] 

Sergey Beryozkin commented on CXF-7137:
---------------------------------------

OK, thanks.
So we have a confidential OAuth2 (web server) client.

Can you please address my earlier question. This client does not want to let anyone else see
this secret. This client will only use this secret to talk to AccessTokenService. Letting
the users to Try it Out via Swagger UI would be a potential security issue. What am I missing
? cheers

> Allow OAuth2 customization via Swagger2Feature
> ----------------------------------------------
>
>                 Key: CXF-7137
>                 URL: https://issues.apache.org/jira/browse/CXF-7137
>             Project: CXF
>          Issue Type: Improvement
>          Components: JAX-RS
>    Affects Versions: 3.1.8
>            Reporter: Alexander K.
>
> It seems that there is no way to customize initOAuth() details like clientId, clientSecret,
realm, appName, etc. for SwaggerUI-OAuth integration. This will allow Swagger-UI authorization
for protected CXF REST services by an authorization server such as Keycloak.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message