As an exercise, I have been attempting to create a swagger configuration that can invoke the Azure Management API, and to run this from the online swagger editor.
I have configured it to use implicit authentication, and it almost works, but I just cannot get the Azure Framework to recognize the swagger editor as a valid redirect URL.
Here is all the steps I have taken. Can anyone spot what I'm doing wrong?
Using the Azure AD portal, I create a new Azure AD Application
In the application registration's Reply URL's, I added https://editor.swagger.io/oauth2-redirect.html
I created the following security entries in my Swagger 2.0 document:
securityDefinitions:
azureTokenAuthentication:
flow: implicit
authorizationUrl: https://login.microsoft.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/oauth2/authorize
scopes:
https://management.azure.com: Accessing the Azure API
type: oauth2
security:
- azureTokenAuthentication:
- https://management.azure.com
(The redacted GUID is my tenant id).
Now, when I click on the "Authorization" button, swagger opens up a dialog for me:
So I enter the application ID and click authorize. It then sends me to the logon URL with the following parameters:
- response_type: token
- client_id: eb482fb2-8229-434e-b5a6-9fc3e0f06968
- redirect_uri:
https://editor.swagger.io/oauth2-redirect.html
- scope:
https://management.azure.com
- state: <Base64 string>
Wed Mar 13 2019 09:16:06 GMT+1000 (Australian Eastern Standard Time)
Note that the redirect uri
matches the value I entered in the app registration.
So I enter my username and password, and then the URL gets redirected to the following:
https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+a+URI+which+matches+a+redirect+URI+registered+for+this+client+application.&state=rQIIAdNiNtQztFJJTTKxMEpLMtK1MDKy1DUxNknVTTJNNNO1TEs2TjVIMzCzNLMoEuISWF1yo3vvud0Ozb9b9Z66bQ-cxcgZn5NZlqqXnJ-7ilEvo6SkoNhKXz81JbMkv0ivuDwxPT21SC8zXz8_sbQkw0i3CChTlJpcAlSZm7ODkfECI-MLRsZbTPz-jiB5EJFflFmVOos5JswoLNvT1TAjOdOxwrfSsdLXxdXU08XR1D_L1cg_y9HI0zXFL8y5uMLXxbHc0znDKSXCzyA51604Mdyt1NM1LCPZOCgnOdckPdQ4KCMpNygjOTcwPcw9pyQqONt2E7NKSqqpuZGhmZGuabJ5iq6JRVqSrmWSqaGuubmlabKpeaKZqWXyKWYZmI9yE_MS01NzU_NK9BKrSovAHr7BzHiBhfEVC48BsxUHB5cAgwSDAsMPFsZFrMCQmrTR22we8wzHyc1Bd633_2M4xapfku7mkeJk5qxfkpOb7lcUXB5SmOZb7Jef7l-c526UmVUQqV_q5Zzh4uzma2tkZTiBTeYDG2MHO8MuThID9haXiJGBoaWugbGuoZGCkbGVoZmVgXkUAA2
The interesting text I glean from this is:
The provided value for the input parameter 'redirect_uri' is not valid. The expected value is a URI which matches a redirect URI registered for this client application.
But it DOES match! What am I doing wrong?!?