Using Swagger UI from Springdoc OpenAPI 1.5.11 in a Spring Boot 2.5.3 web application that exposes a REST API.
The REST API is secured using a bearer provided JWT token.
I successfully configured Springdoc to display the "Authorize" button with bearer authorization, where users can type a valid JWT token, and use that token when calling the REST API.
Hence, using the REST API is properly secured.
But viewing the REST API (endpoints, methods, input and output data structures, etc) must also be secured. This means that the API definition endpoint (the one defined by "springdoc.api-docs.path") called by Swagger UI should also use the token.
So far, I could not make Swagger UI use token to fetch the API definition, see snapshot.
Is this possible ?
Related
I'm developing an app.
Front/bff/api.
I'm using an open id provider that allows to check token remotely.
The bff intercepts the front requests and sends them to the API with the jwt token in the header.
The api should ask the open ip provider if the token is correct (but remotely, not using the offline mode with the public key ).
The api is a spring boot 3.0.1 project.
How to configure security in spring boot 3.0.1 to do that check?
Thank you in advance.
You do that with access-token introspection. In spring-security conf, that means using opaqueToken() instead of jwt() (the first configures a resource-server with introspection and the second with a JWT decoder).
Be aware that token introspection is far less efficient than using a JWT decoder as a request is sent to the authorization-server for each and every request to a resource-server. Tutorial there.
I have an external api which we are using for generating token. We want to add this api in our project doc which is swagger. I want to generate token and authorise all apis available in project directly from swagger UI.
We want to generate token directly from swagger3 and spring boot.
I registered the app in an azure ad, and I have application id(client id) and directory id (tenant id), and secret key.
using this need to generate the jwt token in the azure ad and need to validate that token.
once the token generate need to call the third-party API's using that token in spring boot application.
please provide some example
To achieve the above requirement. You can take Reference of this Post to call the third-party Api using the JWT token using spring boot application.
In the above, there is tutorial they have built a Spring Boot Application that supports Token based Authentication with JWT. Please refer the section How to configure Spring Security to work with JWT that might be solution of requirement.
I am working on a Spring Boot application where existing user authentication is based on Oauth2 with 2FA. Now, I would like to call the APIs in my application from the third-party client as well, say from another service.
Basically, I would like to develop one auth API, where on providing a valid client name, valid API key, and API secret, the client will get an auth token, which will be valid for say 1 hour. Then this auth token can be passed in all successive API invocation until the token gets expired.
I found a few articles here:
a. Securing Spring Boot API with API key and secret
b. How to secure spring Boot API with API key and secret
c. how to implement api key secure in spring boot?
d. How to config multiple level authentication for spring boot RESTful web service?
But, I am not getting any concrete idea regarding, how to achieve this.
Could you please suggest how can I achieve this? Thanks
I run my app with Spring Boot using JWT token for authentication. I have a filter checks a token. Also my app provide rest API documentation with Swagger 2. I don't want my rest api will be public
So my question is, how i can provide a security for Swagger access? and can provide basic security for it?