swagger-api/swagger-ui

Auth code not cleared after login, second authorization attempt fails

Open

#6034 aperta il 26 mag 2020

Vedi su GitHub
 (6 commenti) (3 reazioni) (0 assegnatari)JavaScript (8801 fork)batch import
Hacktoberfesttype: bug

Metriche repository

Star
 (25.447 star)
Metriche merge PR
 (Merge medio 20h 34m) (14 PR mergiate in 30 g)

Descrizione

Q&A (please complete the following information)

  • OS: Windows 10
  • Browser: Chrome
  • Version: 81
  • Method of installation: nuget (Swashbuckle.Aspnetcore.Swagger)
  • Swagger-UI version: 3.25.0
  • Swagger/OpenAPI version: OpenAPI 3.0

Describe the bug you're encountering (includes steps to re-produce)

  1. Users clicks on 'Authorize' button
  2. OAuth pop-up shows and user clicks on Authorize.
  3. Login succeeds, pop-up now shows the 'Logout' button.
  4. User logs out
  5. Without closing the OAuth pop-up user tries to authorize again
  6. An error is returned, something like "error: invalid_grant, description: Authorization code is invalid or expired."

Expected behavior

User should be able to authorize/logout/authorize/etc in the same pop-up.

Screenshots

Unfortunately I cannot upload the screenshot at the moment. The error appears in the OAuth pop-up, in a red banner above the 'Authorize' and 'Close' buttons.

Additional context or thoughts

I've yet to verify my hypothesis but I suspect that Swagger UI is not clearing the auth code upon logout. So when the user tries to re-authorize, in the same pop-up, Swagger re-uses the auth code, which is only good strictly for one request (the first one).

Guida contributor