swagger-ui

Go to file

Andreas Born 7b0ac1ae28 fix: show client secret input for PKCE auth code flow (#8268 )

* fix: show client secret input for PKCE auth code flow

PKCE and Client Secrets are allowed to coexist and neither is designed
as a replacement for the other. [1] It is wrong to assume that a client
secret must not or cannot be used in combination with PKCE. Quite the
opposite, when possible both PKCE and client secret should be used. [2]
So the premises of #6290 and #8146 are not correct.

Admittedly, for users of the PKCE mechanism WITHOUT a client secret it
might be a minor nuisance to see the client secret input in the Swagger
UI. But they can just leave it empty. On the other hand, for users of
the PKCE mechanism WITH a client secret it is more than just a nuisance
if the client secret input is not shown. The Swagger UI becomes unusable
for them (unless they've set a default value for the client secret,
which will be used hiddenly without being shown to the user).

Therefore the right course of action for now would be to revert #7438 to
show the client secret input always regardless of PKCE. In the future a
new flag could be introduced to hide the client secret input regardless
of the PKCE flag.

[1] https://oauth.net/2/pkce/
[2] https://www.oauth.com/oauth2-servers/pkce/

* docs: explain why client secret input is shown despite PKCE

2022-11-04 15:46:38 -07:00

.github

ci(nodejs.yml): refactor with single cache step (#8221 )

2022-10-11 13:04:50 +02:00

.husky

chore(deps-dev): update husky to 7.0.2 version

2021-11-03 09:49:50 +01:00

config

fix(jsdom): cumulative Jest updates with support for TextEncoder/TextDecoder (#8111 )

2022-07-20 13:15:06 -07:00

dev-helpers

fix(oauth2): parse params properly for casdoor in redirect (#8149 )

2022-08-12 09:53:34 -07:00

dist

chore(release): cut the v4.15.2 release

2022-10-26 19:47:11 +00:00

docker

fix(docker): Instruct browser not to cache swagger-initializer.js (#7960 )

2022-03-31 11:41:45 -07:00

docs

fix: show client secret input for PKCE auth code flow (#8268 )

2022-11-04 15:46:38 -07:00

flavors/swagger-ui-react

feat(swagger-ui-react): Add oauth2RedirectUrl prop (#8028 )

2022-05-25 09:46:11 -07:00

release

chore(release): return release scripts back to original

2021-11-03 09:49:50 +01:00

src

fix: show client secret input for PKCE auth code flow (#8268 )

2022-11-04 15:46:38 -07:00

swagger-ui-dist-package

docs(LICENSE): apply Apache 2.0 License correctly (#7574 )

2021-11-02 23:44:28 +01:00

test

fix: show client secret input for PKCE auth code flow (#8268 )

2022-11-04 15:46:38 -07:00

webpack

chore(deps-dev): bump sass-loader from 9.0.3 to 12.6.0 (#8191 )

2022-09-21 15:38:33 -07:00

.agignore

add .aignore

2017-10-25 09:39:31 +02:00

.commitlintrc.json

chore: enforce commit message conventions (#6577 )

2020-10-29 16:11:38 -07:00

.dockerignore

feature: full-spectrum runtime Docker configuration (via #4965 )

2018-11-01 14:53:29 -04:00

.editorconfig

Create .editorconfig

2017-03-19 17:34:09 -07:00

.eslintignore

chore(deps-dev): eslint@7 and @babel/eslint-parser (#7079 )

2021-03-16 11:53:04 -07:00

.eslintrc

chore(deps-dev): eslint@7 and @babel/eslint-parser (#7079 )

2021-03-16 11:53:04 -07:00

.gitattributes

Set EOL of docker-run.sh to LF

2017-05-08 21:10:51 +09:00

.gitignore

chore: update .gitignore with dev-helpers/examples (#6373 )

2020-09-09 17:30:14 -07:00

.lintstagedrc

chore: enforce commit message conventions (#6577 )

2020-10-29 16:11:38 -07:00

.mocharc.yaml

feat(build): es2015 bundle artifact (#6291 )

2020-08-13 17:21:55 -07:00

.npmignore

docs(LICENSE): apply Apache 2.0 License correctly (#7574 )

2021-11-02 23:44:28 +01:00

.npmrc

chore(package): freeze release-it library and it's deps

2020-06-10 23:24:02 +02:00

.nvmrc

chore(nvm): use recommended version of Node.js@16.8.x

2021-11-03 09:49:50 +01:00

.prettierrc.yaml

feat: Multiple Examples for OpenAPI 3 Parameters, Request Bodies, and Responses (via #5427 )

2019-06-29 19:52:51 +01:00

.whitesource

chore(deps): migrate .whitesource configuration file to inheritance mode (#7804 )

2022-01-31 15:49:09 +01:00

babel.config.js

fix(build): mitigate regressions to build framents in v4.13.1 (#8137 )

2022-08-02 14:10:06 +02:00

composer.json

Update composer.json

2017-04-04 12:25:07 -07:00

cypress.json

housekeeping: automated releases via release-it (via #4875 )

2018-09-13 15:09:26 -07:00

Dockerfile

chore(deps): bump nginx from 1.23.1-alpine to 1.23.2-alpine (#8247 )

2022-10-24 11:15:49 +00:00

LICENSE

docs(LICENSE): apply Apache 2.0 License correctly (#7574 )

2021-11-02 23:44:28 +01:00

NOTICE

docs(LICENSE): apply Apache 2.0 License correctly (#7574 )

2021-11-02 23:44:28 +01:00

package-lock.json

chore(deps): bump react-syntax-highlighter from 15.4.5 to 15.5.0 (#8261 )

2022-10-27 11:22:15 +00:00

package.json

chore(deps): bump react-syntax-highlighter from 15.4.5 to 15.5.0 (#8261 )

2022-10-27 11:22:15 +00:00

README.md

docs(README): add LICENSE section (#7327 )

2022-03-29 11:33:01 +02:00

renovate.json

chore(package): freeze release-it library and it's deps

2020-06-10 23:24:02 +02:00

SECURITY.md

docs(SECURITY.md): add v3 EOL info (#7701 )

2021-12-14 10:36:52 +01:00

snapcraft.yaml

Add the daemon

2017-01-14 05:15:39 +00:00

swagger-config.yaml

improvement: online.swagger.io -> validator.swagger.io (#5599 )

2019-09-09 21:33:23 -07:00

whitesource.config

chore(whitesource): update configuration file

2022-01-11 09:29:27 +01:00

README.md

Introduction

Swagger UI allows anyone — be it your development team or your end consumers — to visualize and interact with the API’s resources without having any of the implementation logic in place. It’s automatically generated from your OpenAPI (formerly known as Swagger) Specification, with the visual documentation making it easy for back end implementation and client side consumption.

General

👉🏼 Want to score an easy open-source contribution? Check out our Good first issue label.

🕰️ Looking for the older version of Swagger UI? Refer to the 2.x branch.

This repository publishes three different NPM modules:

swagger-ui is a traditional npm module intended for use in single-page applications that are capable of resolving dependencies (via Webpack, Browserify, etc).
swagger-ui-dist is a dependency-free module that includes everything you need to serve Swagger UI in a server-side project, or a single-page application that can’t resolve npm module dependencies.
swagger-ui-react is Swagger UI packaged as a React component for use in React applications.

We strongly suggest that you use swagger-ui instead of swagger-ui-dist if you’re building a single-page application, since swagger-ui-dist is significantly larger.

If you are looking for plain ol’ HTML/JS/CSS, download the latest release and copy the contents of the /dist folder to your server.

Compatibility

The OpenAPI Specification has undergone 5 revisions since initial creation in 2010. Compatibility between Swagger UI and the OpenAPI Specification is as follows:

Swagger UI Version	Release Date	OpenAPI Spec compatibility	Notes
4.0.0	2021-11-03	2.0, 3.0	tag v4.0.0
3.18.3	2018-08-03	2.0, 3.0	tag v3.18.3
3.0.21	2017-07-26	2.0	tag v3.0.21
2.2.10	2017-01-04	1.1, 1.2, 2.0	tag v2.2.10
2.1.5	2016-07-20	1.1, 1.2, 2.0	tag v2.1.5
2.0.24	2014-09-12	1.1, 1.2	tag v2.0.24
1.0.13	2013-03-08	1.1, 1.2	tag v1.0.13
1.0.1	2011-10-11	1.0, 1.1	tag v1.0.1

Documentation

Usage

Customization

Development

Contributing

Contributing

Integration Tests

You will need JDK of version 7 or higher as instructed here https://nightwatchjs.org/guide/getting-started/installation.html#install-selenium-server

Integration tests can be run locally with npm run e2e - be sure you aren’t running a dev server when testing!

Browser support

Swagger UI works in the latest versions of Chrome, Safari, Firefox, and Edge.

Known Issues

To help with the migration, here are the currently known issues with 3.X. This list will update regularly, and will not include features that were not implemented in previous versions.

Only part of the parameters previously supported are available.
The JSON Form Editor is not implemented.
Support for collectionFormat is partial.
l10n (translations) is not implemented.
Relative path support for external files is not implemented.

Security contact

Please disclose any security-related issues or vulnerabilities by emailing security@swagger.io, instead of using the public issue tracker.

License

SwaggerUI is licensed under Apache 2.0 license. SwaggerUI comes with an explicit NOTICE file containing additional legal notices and information.

README.md Unescape Escape

Introduction

General

Compatibility

Documentation

Usage

Customization

Development

Contributing

Integration Tests

Browser support

Known Issues

Security contact

License

README.md