diff --git a/dist/lib/swagger-oauth.js b/dist/lib/swagger-oauth.js index a7a7191e..72e649a6 100644 --- a/dist/lib/swagger-oauth.js +++ b/dist/lib/swagger-oauth.js @@ -103,12 +103,12 @@ function handleLogin() { for (var key in authSchemes) { if (authSchemes.hasOwnProperty(key)) { var flow = authSchemes[key].flow; - + if(authSchemes[key].type === 'oauth2' && flow && (flow === 'implicit' || flow === 'accessCode')) { var dets = authSchemes[key]; url = dets.authorizationUrl + '?response_type=' + (flow === 'implicit' ? 'token' : 'code'); window.swaggerUi.tokenName = dets.tokenName || 'access_token'; - window.swaggerUi.tokenUrl = (flow === 'accessCode' ? dets.tokenUrl : null); + window.swaggerUi.tokenUrl = (flow === 'accessCode' ? dets.tokenUrl : null); } else if(authSchemes[key].grantTypes) { // 1.2 support @@ -135,11 +135,14 @@ function handleLogin() { for(k =0; k < o.length; k++) { var scope = $(o[k]).attr('scope'); - + if (scopes.indexOf(scope) === -1) scopes.push(scope); } + // Implicit auth recommends a state parameter. + var state = Math.random (); + window.enabledScopes=scopes; redirect_uri = redirectUrl; @@ -148,6 +151,7 @@ function handleLogin() { url += '&realm=' + encodeURIComponent(realm); url += '&client_id=' + encodeURIComponent(clientId); url += '&scope=' + encodeURIComponent(scopes.join(' ')); + url += '&state=' + encodeURIComponent(state); window.open(url); }); @@ -210,11 +214,11 @@ function processOAuthCode(data) { url : window.swaggerUi.tokenUrl, type: "POST", data: params, - success:function(data, textStatus, jqXHR) + success:function(data, textStatus, jqXHR) { onOAuthComplete(data); }, - error: function(jqXHR, textStatus, errorThrown) + error: function(jqXHR, textStatus, errorThrown) { onOAuthComplete(""); } 
@@ -268,7 +272,7 @@ function onOAuthComplete(token) { // all scopes are satisfied $(o).find('.api-ic').addClass('ic-info'); $(o).find('.api-ic').removeClass('ic-warning'); - $(o).find('.api-ic').removeClass('ic-error'); + $(o).find('.api-ic').removeClass('ic-error'); } } }); diff --git a/lib/swagger-oauth.js b/lib/swagger-oauth.js index a7a7191e..72e649a6 100644 --- a/lib/swagger-oauth.js +++ b/lib/swagger-oauth.js @@ -103,12 +103,12 @@ function handleLogin() { for (var key in authSchemes) { if (authSchemes.hasOwnProperty(key)) { var flow = authSchemes[key].flow; - + if(authSchemes[key].type === 'oauth2' && flow && (flow === 'implicit' || flow === 'accessCode')) { var dets = authSchemes[key]; url = dets.authorizationUrl + '?response_type=' + (flow === 'implicit' ? 'token' : 'code'); window.swaggerUi.tokenName = dets.tokenName || 'access_token'; - window.swaggerUi.tokenUrl = (flow === 'accessCode' ? dets.tokenUrl : null); + window.swaggerUi.tokenUrl = (flow === 'accessCode' ? dets.tokenUrl : null); } else if(authSchemes[key].grantTypes) { // 1.2 support @@ -135,11 +135,14 @@ function handleLogin() { for(k =0; k < o.length; k++) { var scope = $(o[k]).attr('scope'); - + if (scopes.indexOf(scope) === -1) scopes.push(scope); } + // Implicit auth recommends a state parameter. + var state = Math.random (); + window.enabledScopes=scopes; redirect_uri = redirectUrl; @@ -148,6 +151,7 @@ function handleLogin() { url += '&realm=' + encodeURIComponent(realm); url += '&client_id=' + encodeURIComponent(clientId); url += '&scope=' + encodeURIComponent(scopes.join(' ')); + url += '&state=' + encodeURIComponent(state); window.open(url); }); 
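Review bot: `Math.random()` is not a cryptographically secure source, so the value produced by `var state = Math.random ();` in lib/swagger-oauth.js is too predictable for a parameter whose job is to make the authorization response unforgeable. It should come from the browser CSPRNG instead, e.g. `var buf = new Uint32Array(4); window.crypto.getRandomValues(buf); var state = Array.prototype.join.call(buf, '.');`. The added comment mentions only implicit auth, but the value appears to be appended for the `accessCode` flow as well, so a comment such as `// OAuth2 state: unguessable per-request value, verified when the redirect returns` would describe it better. The byte-identical hunk in dist/lib/swagger-oauth.js needs the same change, and the click handler inside handleLogin starts and ends outside this hunk.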
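Review bot: The `state` appended by `url += '&state=' + encodeURIComponent(state);` lives only in a local variable. None of the hunks shown store it or compare it with the value that comes back on the redirect, so as written it gives no protection against a forged or replayed authorization response. The processOAuthCode and onOAuthComplete hunks in this commit are whitespace-only, and the code that receives the redirect is outside the diff, so the check may exist elsewhere; if it does not, it should be added. I would keep the value alongside the other per-login settings before `window.open(url);`, for example `window.swaggerUi.state = state;` (property name is a suggestion). The redirect handler should then refuse to call processOAuthCode or onOAuthComplete when the returned `state` is missing or different. The same applies to the copy in dist/lib/swagger-oauth.js.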
@@ -210,11 +214,11 @@ function processOAuthCode(data) { url : window.swaggerUi.tokenUrl, type: "POST", data: params, - success:function(data, textStatus, jqXHR) + success:function(data, textStatus, jqXHR) { onOAuthComplete(data); }, - error: function(jqXHR, textStatus, errorThrown) + error: function(jqXHR, textStatus, errorThrown) { onOAuthComplete(""); } @@ -268,7 +272,7 @@ function onOAuthComplete(token) { // all scopes are satisfied $(o).find('.api-ic').addClass('ic-info'); $(o).find('.api-ic').removeClass('ic-warning'); - $(o).find('.api-ic').removeClass('ic-error'); + $(o).find('.api-ic').removeClass('ic-error'); } } });