swagger-api/swagger-ui

Auth code not cleared after login, second authorization attempt fails

Open

#6.034 geöffnet am 26. Mai 2020

Auf GitHub ansehen
 (6 Kommentare) (3 Reaktionen) (0 zugewiesene Personen)JavaScript (8.801 Forks)batch import
Hacktoberfesttype: bug

Repository-Metriken

Stars
 (25.447 Stars)
PR-Merge-Metriken
 (Durchschn. Merge 20h 34m) (14 gemergte PRs in 30 T)

Beschreibung

Q&A (please complete the following information)

  • OS: Windows 10
  • Browser: Chrome
  • Version: 81
  • Method of installation: nuget (Swashbuckle.Aspnetcore.Swagger)
  • Swagger-UI version: 3.25.0
  • Swagger/OpenAPI version: OpenAPI 3.0

Describe the bug you're encountering (includes steps to re-produce)

  1. Users clicks on 'Authorize' button
  2. OAuth pop-up shows and user clicks on Authorize.
  3. Login succeeds, pop-up now shows the 'Logout' button.
  4. User logs out
  5. Without closing the OAuth pop-up user tries to authorize again
  6. An error is returned, something like "error: invalid_grant, description: Authorization code is invalid or expired."

Expected behavior

User should be able to authorize/logout/authorize/etc in the same pop-up.

Screenshots

Unfortunately I cannot upload the screenshot at the moment. The error appears in the OAuth pop-up, in a red banner above the 'Authorize' and 'Close' buttons.

Additional context or thoughts

I've yet to verify my hypothesis but I suspect that Swagger UI is not clearing the auth code upon logout. So when the user tries to re-authorize, in the same pop-up, Swagger re-uses the auth code, which is only good strictly for one request (the first one).

Contributor Guide