Unable to get SmartDocs working with OAuth2 client credentials


I have an API proxy working. I was able to create an API product for it and register an app. This API proxy is using the client credentials OAuth grant type. I defined a /token endpoint that takes in the client id & secret and returns a token. The other endpoints in the proxy validate the access token. I'm able to call the API correctly using curl.

I used Swagger (JSON) to create the SmartDocs model and method. It is using the https scheme correctly. When I make the call I get the 401 as expected. When I click on the "oAuth2.0 Set.." button I get a pop-up, but it doesn't let me specify my client id & secret.


After clicking OK, I get "Unable to proceed because of missing OAuth configuration."

Here's the relevant part of the Swagger doc:

    "securityDefinitions": {
        "locations_oauth": {
            "type": "oauth2",
            "tokenUrl": "https://example.com/v5/locations/token",
            "flow": "application",
            "scopes": {}
        }
    },


Do SmartDocs only support the OAuth2 authorization code grant type? We're using the client_credentials grant type. Below is a screenshot from the developer portal.



I just found this post, which I think answers my question: https://community.apigee.com/questions/7829/how-to-add-an-oauth-20-security-scheme-with-passwo.html . It seems that since Apigee SmartDocs doesn't support the client_credentials grant type, that is causing my problem 😞 .

Does anybody know if there's an ETA for when client_credentials will be supported?

@Anil Sagar - any luck finding a workaround? One of the features we wanted out of Apigee was to let developers play with and test out the APIs right from within the developer portal.

@jose.cedeno , Unfortunately, I don't have any updates as of today; let me follow up again with the dev portal team.

Any update? This is very important. It is available in the open source Swagger tools!

We are in the same situation. We want SmartDocs to work for OAuth2 with client_credentials and get "Unable to proceed because of missing OAuth configuration." This used to work for us but broke with the latest release.

Actually, I figured it out. We are using a custom_token for 2-legged OAuth, and got our 3-legged OAuth to work too. 🙂

How did you get the client_credentials grant type to work with SmartDocs?

So if you go into the SmartDocs menu item under Content, you see Models. Then:

1. Click on the model and you will see a sub menu; on the far right you will see something like Revisions.
2. Click on Revisions and you will see a list with a row for revision #1. Under the Operations column you will see a drop-down with "Revision Details"; in the drop-down you will see Security Settings. Click on this item.
3. In Security Settings we have a row with a name like xxx-2-legged, type APIKEY. Click on the Operations drop-down and select Edit, and you should have a Param Name filled in like "Authorization" and In, which is the method you choose to pass in your Authorization (in our case we use Header). Click Submit.
4. Then click above the row where it says go to the auth settings. On this page you will see a section called "Template authentication schemes", and it shows our xxx-2-legged with type APIKey. In the textbox where it shows "value for the apikey parameter", put in "Bearer xxxxxxxxxxxxxxxxxxxxxxxxxxxx", where the x's are replaced with a non-expiring token.

You can generate that token by calling your OAuthV2 token endpoint with a policy using <Operation>GenerateAccessToken</Operation>, <GrantType>client_credentials</GrantType> and <ExpiresIn>-1</ExpiresIn>. Hope this helps.
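An added example, not code from this thread or from Apigee: the client_credentials exchange the original post describes (a /token endpoint that takes the client id and secret and returns a token; the other proxy endpoints validate the bearer token) simulated offline in Python, with both sides of the protocol and the expiry behaviour of the non-expiring token the workaround above relies on. It assumes the client authenticates to the token endpoint with an HTTP Basic header (the post does not say how the id and secret are passed); the client id, secret and token URL are constructed sample values, and `build_token_request` / `TokenEndpoint` are names chosen here, not Apigee APIs. Apigee's `<ExpiresIn>` is in milliseconds and -1 means the token never expires; the simulation mirrors that.

```python
"""OAuth2 client_credentials grant (RFC 6749 §4.4), client and server side, offline.

Added example for the SmartDocs thread; not Apigee code. Names and
credentials below are constructed for illustration.
"""
import base64
import hmac
import secrets
import time
from typing import Optional, Tuple
from urllib.parse import parse_qs

# Constructed sample app credentials (what "register an app" would hand a developer).
REGISTERED_CLIENTS = {"app-client-id-123": "app-client-secret-456"}
TOKEN_URL = "https://example.com/v5/locations/token"  # tokenUrl from the OP's swagger


def build_token_request(client_id: str, client_secret: str, token_url: str) -> dict:
    """Build the request a 'try it' client sends: HTTP Basic client auth
    (RFC 6749 §2.3.1) plus a form body asking for the client_credentials grant."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return {
        "method": "POST",
        "url": token_url,
        "headers": {
            "Authorization": f"Basic {creds}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": "grant_type=client_credentials",
    }


class TokenEndpoint:
    """Simulates the proxy's /token endpoint (GenerateAccessToken) and the
    token check the other endpoints perform (VerifyAccessToken).

    expires_in_ms follows Apigee's <ExpiresIn>: milliseconds, -1 = never expires.
    """

    def __init__(self, expires_in_ms: int):
        self.expires_in_ms = expires_in_ms
        self.tokens = {}  # access_token -> (client_id, expires_at or None)

    def handle(self, request: dict, now: Optional[float] = None) -> Tuple[int, dict]:
        now = time.time() if now is None else now
        auth = request["headers"].get("Authorization", "")
        if not auth.startswith("Basic "):
            return 401, {"error": "invalid_client"}
        try:
            client_id, client_secret = base64.b64decode(auth[6:]).decode().split(":", 1)
        except Exception:
            return 401, {"error": "invalid_client"}
        expected = REGISTERED_CLIENTS.get(client_id)
        # Constant-time comparison so the secret check does not leak timing.
        if expected is None or not hmac.compare_digest(expected.encode(), client_secret.encode()):
            return 401, {"error": "invalid_client"}
        if parse_qs(request["body"]).get("grant_type") != ["client_credentials"]:
            return 400, {"error": "unsupported_grant_type"}
        token = secrets.token_urlsafe(24)
        expires_at = None if self.expires_in_ms < 0 else now + self.expires_in_ms / 1000
        self.tokens[token] = (client_id, expires_at)
        expires_in = -1 if expires_at is None else self.expires_in_ms // 1000
        return 200, {"access_token": token, "token_type": "Bearer", "expires_in": expires_in}

    def verify(self, authorization_header: str, now: Optional[float] = None) -> bool:
        """What every non-/token endpoint does with the Authorization header."""
        now = time.time() if now is None else now
        if not authorization_header.startswith("Bearer "):
            return False
        entry = self.tokens.get(authorization_header[7:])
        if entry is None:
            return False
        _client_id, expires_at = entry
        return expires_at is None or now < expires_at


def run_demo() -> dict:
    """Issue a one-hour token and a never-expiring one and check both over time."""
    req = build_token_request("app-client-id-123", "app-client-secret-456", TOKEN_URL)
    results = {}

    hourly = TokenEndpoint(expires_in_ms=3_600_000)  # <ExpiresIn>3600000</ExpiresIn>
    status, body = hourly.handle(req, now=1_000.0)
    bearer = "Bearer " + body["access_token"]
    results["issued"] = status
    results["valid_now"] = hourly.verify(bearer, now=1_500.0)
    results["valid_after_expiry"] = hourly.verify(bearer, now=1_000.0 + 3_601)

    forever = TokenEndpoint(expires_in_ms=-1)  # <ExpiresIn>-1</ExpiresIn>
    status, body = forever.handle(req, now=1_000.0)
    results["nonexpiring_expires_in"] = body["expires_in"]
    ten_years = 10 * 365 * 86_400
    results["nonexpiring_valid_years_later"] = forever.verify(
        "Bearer " + body["access_token"], now=1_000.0 + ten_years)

    bad = build_token_request("app-client-id-123", "wrong-secret", TOKEN_URL)
    results["bad_secret"] = hourly.handle(bad, now=1_000.0)[0]
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The second endpoint in `run_demo` is the situation the workaround creates: a token minted with `-1` is accepted ten years later exactly as it is on day one, so a value pasted into the template authentication scheme is effectively a permanent shared credential for whatever data that API serves, and it is sent in every request the documentation page makes.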

Thanks, but I think you're using the apikey header parameter. We're using the client_credentials grant type with a "/token" endpoint that generates access tokens. I did see the area where a Drupal admin can specify a default set of credentials to use, but I wanted developers to have to register an application and use their own credentials to test the API. Otherwise people could test out and get production data out of an API with the credentials that the Drupal admin entered.

Hi @paulmartin - please note that your non-expiring token is visible in the Request tab in SmartDocs when you send any request using the method you described.

So we are also using client_credentials, but for the part where they try it out in our dev portal we are using a custom token, so if they want to try it out, all requests look like they are coming from the same token that we generated. After they try it out, if they want to register, they register and get a consumerKey and consumerSecret, which can be used to generate a valid token needed to hit our sandbox environment.

Thanks for the response. This so far is the only workaround that I can think of. I could see this working for APIs where the data is public. Some of our APIs have data that is sensitive, so we don't want anybody to be able to make a call, even if it's from the docs. As you pointed out, one workaround would be maintaining a sandbox environment.


Same here... it's not working for me. Do we have any solutions?

I know this is an old thread, but to complete it, here is an approach to add client credentials and password grants to SmartDocs: https://github.com/giteshk/smartdocs_oauth_additions

Hi, we are facing the same challenge and I am trying to use this new module. So with this module, we need to put a 'grant_type' parameter in the Access token URL of the security schema. However, it's not clear to us what this 'Access Token URL' is. Can you elaborate and show me an example of this 'Access token URL'?

Thanks