Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Fails to render the specification if it contains oauth2 security scheme with password flow #1007

Open
pltod2 opened this issue May 29, 2024 · 6 comments
Open

[BUG] Fails to render the specification if it contains oauth2 security scheme with password flow #1007

pltod2 opened this issue May 29, 2024 · 6 comments

Comments

@pltod2
Copy link

pltod2 commented May 29, 2024
edited
Loading

Description

When the specification contains securityScheme of type oauth2 that contains password flow and that scheme is referred in the document the spec fails to render. It happens in all the major browsers.

Expected result

The specification must be rendered successfully.

Actual result

The specification is not rendered, we get blank screen instead.

Steps to reproduce

The fastest way to reproduce is in async api studio which uses this component under the hood.
Add the following under components/securitySchemes:

    oauth2Password:
      type: oauth2
      description: OAuth 2.0 example
      flows:
        password:
          tokenUrl: https://auth.example.com/oauth/token
          refreshUrl: https://auth.example.com
          availableScopes:
            read:user: Read user information

Just adding the scheme is ok but if we further refer the scheme it will result in browser rendering a blank page. The error that can be seen in the console is:

Screenshot 2024-05-29 at 10 54 39

Troubleshooting

As described in the spec the authorizationUrl does not apply to password flow.

However in the code it is handled as always present, which causes "undefined is not an object (evaluating 'i.authorizationUrl')" error.
@github-actions GitHub Actions
Copy link

Welcome to AsyncAPI. Thanks a lot for reporting your first issue. Please check out our contributors guide and the instructions about a basic recommended setup useful for opening a pull request.
Keep in mind there are also other channels you can use to interact with AsyncAPI community. For more details check out this issue.

@derberg
Copy link
Member

derberg commented Jun 20, 2024

@pltod2 can you open a PR?

normally flow.authorizationUrl() should just return undefined (https://github.com/asyncapi/parser-js/blob/master/src/models/oauth-flow.ts#L6) but yeah, you can add a check based on hasAuthorizationUrl()

@pltod2
Copy link
Author

pltod2 commented Jun 25, 2024

@derberg I will try. If I manage to submit PR by tomorrow and it is approved, do you know when the fix will be released?

@derberg Volta.net
Copy link
Member

derberg commented Jun 25, 2024

we use conventional commits with supporting automation, so once you submit a PR, with PR title containing prefix "fix: ", after merging, patch automatically goes out in few minutes.

longest takes review and getting PR accepted for merge - this is hard to predict

@derberg
Copy link
Member

derberg commented Jun 25, 2024

yeah, release takes like 15min after merging PR -> #1019 (comment)

@pltod2
Copy link
Author

pltod2 commented Jun 26, 2024

@derberg here is the PR #1023. The problem was slightly different though than the one in my initial troubleshooting analysis.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@derberg @pltod2