swagger-api/swagger-ui

Auth code not cleared after login, second authorization attempt fails

Open

#6 034 ouverte le 26 mai 2020

Voir sur GitHub
 (6 commentaires) (3 réactions) (0 assignés)JavaScript (8 801 forks)batch import
Hacktoberfesttype: bug

Métriques du dépôt

Stars
 (25 447 stars)
Métriques de merge PR
 (Merge moyen 20h 34m) (14 PRs mergées en 30 j)

Description

Q&A (please complete the following information)

  • OS: Windows 10
  • Browser: Chrome
  • Version: 81
  • Method of installation: nuget (Swashbuckle.Aspnetcore.Swagger)
  • Swagger-UI version: 3.25.0
  • Swagger/OpenAPI version: OpenAPI 3.0

Describe the bug you're encountering (includes steps to re-produce)

  1. Users clicks on 'Authorize' button
  2. OAuth pop-up shows and user clicks on Authorize.
  3. Login succeeds, pop-up now shows the 'Logout' button.
  4. User logs out
  5. Without closing the OAuth pop-up user tries to authorize again
  6. An error is returned, something like "error: invalid_grant, description: Authorization code is invalid or expired."

Expected behavior

User should be able to authorize/logout/authorize/etc in the same pop-up.

Screenshots

Unfortunately I cannot upload the screenshot at the moment. The error appears in the OAuth pop-up, in a red banner above the 'Authorize' and 'Close' buttons.

Additional context or thoughts

I've yet to verify my hypothesis but I suspect that Swagger UI is not clearing the auth code upon logout. So when the user tries to re-authorize, in the same pop-up, Swagger re-uses the auth code, which is only good strictly for one request (the first one).

Guide contributeur