Automatic token refresh for REST API with OpenID Connect authentication? #7257

Open
@retrofreak83

Q&A (please complete the following information)

  • OS: Linux Mint 20.1
  • Browser: Chromium
  • Version: 90.0.4430.93
  • Method of installation: by Springdoc 1.5.8
  • Swagger-UI version: 3.47.1
  • Swagger/OpenAPI version: OpenAPI 3.0

Content & configuration

I am developing an application having a REST API that is secured by Spring Security, using Keycloak to provide OpenID Connect functionalities.
The OpenAPI specification is generated using Springdoc. AFAIK, the correct way of getting SwaggerUI to authenticate against OpenID Connect is to use OpenID Connect Discovery.

Swagger/OpenAPI definition:

openapi: 3.0.1
info:
  title: NEW API
  description: This document specifies the API of NEW
  version: v0.1-SNAPSHOT
servers:
  - url: 'http://localhost:8080'
    description: Generated server url
security:
  - oidc: []
paths:
  /p/list:
    get:
      tags:
        - plugin-controller
      operationId: getAllOperations
      responses:
        '200':
          description: OK
          content:
            '*/*':
              schema:
                type: array
                items:
                  type: string
        '400':
          description: Bad Request
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'
        '401':
          description: Unauthorized
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'
        '403':
          description: Forbidden
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'
        '500':
          description: Internal Server Error
          content:
            '*/*':
              schema:
                $ref: '#/components/schemas/JSONResponse'

components:
  schemas:
    JSONResponse:
      type: object
      properties:
        errorData:
          type: string
          description: the raw error data
        token:
          type: string
  securitySchemes:
    oidc:
      type: openIdConnect
      openIdConnectUrl: 'http://localhost:8888/auth/realms/new/.well-known/openid-configuration'

How can we help?

Authorization works well in principle, but the application needs to do a token refresh automatically and regularly.
Currently, I can send valid requests to the API until the validity of the token acquired during login has expired.
In the SwaggerUI documentation, I did not find how to configure something like a token refresh.
Is SwaggerUI able to perform an automatic token refresh or is there eventually a possibility that the user can trigger it manually?
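
What an automatic refresh involves for an OpenID Connect client like the one described above, as an added example that is not part of the original issue and is not Swagger UI or Springdoc code. It assumes a public client (no client secret) that was issued a refresh token; `CLIENT_ID`, the function names and the injected `fetchImpl` are hypothetical.

```javascript
// Added example: refresh-token handling for an OpenID Connect public client.
// CLIENT_ID is a constructed value, not taken from the issue.
const CLIENT_ID = 'swagger-ui';

// Build the refresh request (RFC 6749, section 6) against the token_endpoint
// advertised in the OpenID Connect discovery document.
function buildRefreshRequest(discovery, refreshToken) {
  if (!discovery.token_endpoint) {
    throw new Error('discovery document has no token_endpoint');
  }
  const body = new URLSearchParams({
    grant_type: 'refresh_token',
    refresh_token: refreshToken,
    client_id: CLIENT_ID,
  });
  return {
    url: discovery.token_endpoint,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Milliseconds to wait before refreshing: expires_in minus a safety margin,
// clamped at zero so a short-lived token is refreshed immediately.
function refreshDelayMs(tokenResponse, skewSeconds = 30) {
  const expiresIn = Number(tokenResponse.expires_in);
  if (!Number.isFinite(expiresIn)) {
    throw new Error('token response has no usable expires_in');
  }
  return Math.max(0, expiresIn - skewSeconds) * 1000;
}

// Perform one refresh. fetchImpl is injected: window.fetch in a browser,
// a stub in a test. If the server does not rotate the refresh token,
// the previous one is kept for the next round.
async function refreshOnce(discovery, tokens, fetchImpl) {
  const req = buildRefreshRequest(discovery, tokens.refresh_token);
  const res = await fetchImpl(req.url, {
    method: req.method,
    headers: req.headers,
    body: req.body,
  });
  if (!res.ok) {
    // Expired or revoked refresh token: only a new login can recover.
    throw new Error(`refresh failed with HTTP ${res.status}`);
  }
  const next = await res.json();
  return { ...next, refresh_token: next.refresh_token || tokens.refresh_token };
}
```

A caller would schedule `refreshOnce` with `setTimeout` using `refreshDelayMs(tokens)` and reschedule after each successful response.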
