Client credentials location - request body as default option

Question

Hi!Is there any possibility to set 'Request body' option as default one in authorization modal?

kyleshockey · Accepted Answer

Hi,
&nbsp;
This isn't currently possible -&nbsp;Swagger UI always defaults to including client credentials in an Authorization header, because the OAuth specification recommends doing so:
&nbsp;
Including the client credentials in the request-body using [client_id and client_secret] is NOT RECOMMENDED and SHOULD be limited to clients unable to directly utilize the HTTP Basic authentication scheme (or other password-based HTTP authentication schemes). RFC 6749 § 2.3.1
&nbsp;
We always default to the HTTP Basic authentication scheme (we call it the "Authorization header" credentials location) in&nbsp;Swagger UI, because&nbsp;Swagger UI (along with most HTTP-aware clients) is capable of using it.
&nbsp;
In order to support indicating where to include client credentials, a field would need to be added to the&nbsp;OpenAPI Specification's OAuth2 Flow object, which would allow password flows to indicate a preferred client credential inclusion location.

dwiekropki · Answer

Thank you for your&nbsp;comprehensive answer :)

Forum Discussion

Client credentials location - request body as default option

2 Replies

Related Content

ReadyAPI Request to API using security credentials

Stoplight Credential Creation

Virtual users with individual credentials.

Dynamically Set client credentials

Pass Credentials to Embedded Swagger UI's Try it Out

Recent Discussions

ID_TOKEN as the header in the Google OAUTH2.0

How to hide an endpoint from openaopi 3.0

I can't see the "add item" button in swagger UI

Swagger Convertor Gateway Time-out

Authorization Tag For Basic BASE64 Encoding