Ask a Question
Log In / Sign Up
Resources
Ask a Question
Log In Sign Up

Client credentials location - request body as default option

SOLVED
Solved
dwiekropki
New Contributor
‎02-11-2019 11:20 PM
‎02-11-2019 11:20 PM

Client credentials location - request body as default option

Preview file
6 KB

Hi!
Is there any possibility to set 'Request body' option as default one in authorization modal?

0 Kudos
2 REPLIES 2
kyleshockey
Staff
Staff
‎02-12-2019 02:21 PM
‎02-12-2019 02:21 PM

Hi,

 

This isn't currently possible - Swagger UI always defaults to including client credentials in an Authorization header, because the OAuth specification recommends doing so:

 

Including the client credentials in the request-body using [client_id and client_secret] is NOT RECOMMENDED and SHOULD be limited to clients unable to directly utilize the HTTP Basic authentication scheme (or other password-based HTTP authentication schemes). 

RFC 6749 § 2.3.1

 

We always default to the HTTP Basic authentication scheme (we call it the "Authorization header" credentials location) in Swagger UI, because Swagger UI (along with most HTTP-aware clients) is capable of using it.

 

In order to support indicating where to include client credentials, a field would need to be added to the OpenAPI Specification's OAuth2 Flow object, which would allow password flows to indicate a preferred client credential inclusion location.

dwiekropki
New Contributor
In response to kyleshockey
‎02-12-2019 10:19 PM
‎02-12-2019 10:19 PM

Thank you for your comprehensive answer 🙂

0 Kudos
Subscribe
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: