swagger-api/swagger-ui

Auth code not cleared after login, second authorization attempt fails

Open

#6,034 创建于 2020年5月26日

在 GitHub 查看
 (6 评论) (3 反应) (0 负责人)JavaScript (8,801 fork)batch import
Hacktoberfesttype: bug

仓库指标

Star
 (25,447 star)
PR 合并指标
 (平均合并 20小时 34分钟) (30 天内合并 14 个 PR)

描述

Q&A (please complete the following information)

  • OS: Windows 10
  • Browser: Chrome
  • Version: 81
  • Method of installation: nuget (Swashbuckle.Aspnetcore.Swagger)
  • Swagger-UI version: 3.25.0
  • Swagger/OpenAPI version: OpenAPI 3.0

Describe the bug you're encountering (includes steps to re-produce)

  1. Users clicks on 'Authorize' button
  2. OAuth pop-up shows and user clicks on Authorize.
  3. Login succeeds, pop-up now shows the 'Logout' button.
  4. User logs out
  5. Without closing the OAuth pop-up user tries to authorize again
  6. An error is returned, something like "error: invalid_grant, description: Authorization code is invalid or expired."

Expected behavior

User should be able to authorize/logout/authorize/etc in the same pop-up.

Screenshots

Unfortunately I cannot upload the screenshot at the moment. The error appears in the OAuth pop-up, in a red banner above the 'Authorize' and 'Close' buttons.

Additional context or thoughts

I've yet to verify my hypothesis but I suspect that Swagger UI is not clearing the auth code upon logout. So when the user tries to re-authorize, in the same pop-up, Swagger re-uses the auth code, which is only good strictly for one request (the first one).

贡献者指南