Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

client can be redirected to the login page without being required to provide the credentials from the server. #10387

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

client can be redirected to the login page without being required to provide the credentials from the server. #10387

wants to merge 1 commit into from

Conversation

Mathias02
Copy link

@Mathias02 Mathias02 commented Mar 27, 2025
edited
Loading

Description

I updated the Swagger UI setup in dist/index.html to dynamically fetch OIDC configuration from your Liberty server's REST AP. This allowed Swagger UI to be pre-configured with client credentials, including clientId, clientSecret, and the oauth2RedirectUrl.

Motivation and Context

To allow the client to be redirected to the login page without providing the server credentials.

CLOSES: #7270

How Has This Been Tested?

  • Yes, It's been tested and it runs smoothly

Screenshots (if appropriate):

Screenshot at 2025-03-27 21-55-14
Screenshot at 2025-03-27 21-54-42

Checklist

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • [x ] are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • are not breaking changes.

Documentation

  • My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.

@Mathias02 Mathias02 changed the title client can be redirected to the loging page without being required to provide the credentials from the server. client can be redirected to the login page without being required to provide the credentials from the server. Mar 27, 2025
trickert76
trickert76 reviewed Apr 1, 2025
View reviewed changes
dist/index.html
// OAuth2 authentication configuration
oauth2: {
clientId: "YOUR_CLIENT_ID", // Replace with actual client ID
clientSecret: "YOUR_CLIENT_SECRET", // Optional, only needed for some flows
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would delete this line of code. It's bad practice to expose client secrets on a HTML/JS page that can everybody read. Use a public OIDC client configuration only which doesnt require a client secret.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trickert76 trickert76 trickert76 left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

GET OIDC client credentials from the Server where SwaggerUI is hosted.
2 participants
@Mathias02 @trickert76