fix(oidc): correctly authorize OIDC swagger UI

ost-cas-fee-adv-22-23 · Jan 27, 2023 · 881468c · 881468c
1 parent a2cbcf6
commit 881468c
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 10 deletions.
diff --git a/infrastructure/prod/cloud-run.tf b/infrastructure/prod/cloud-run.tf
@@ -96,6 +96,16 @@ resource "google_cloud_run_service" "api" {
           value = "https://${local.zitadel_issuer}"
         }
 
+        env {
+          name  = "AUTH_CLIENT_ID"
+          value = "181236603920908545@cas_fee_adv_qwacker_prod"
+        }
+
+        env {
+          name  = "AUTH_REDIRECT_URI"
+          value = "https://qwacker-api-http-prod-4cxdci3drq-oa.a.run.app/rest/oauth2-redirect.html"
+        }
+
         env {
           name = "AUTH_JWT_KEY"
           value_from {

diff --git a/src/main.ts b/src/main.ts
@@ -50,28 +50,30 @@ async function bootstrap() {
       'Users',
       'User related calls. Fetch information about users in the system.',
     )
-    .addBearerAuth(
+    .addOAuth2(
       {
         type: 'openIdConnect',
         description: 'ZITADEL Authentication',
         name: 'ZITADEL',
         in: 'header',
         openIdConnectUrl:
           'https://cas-fee-advanced-ocvdad.zitadel.cloud/.well-known/openid-configuration',
-        flows: {
-          authorizationCode: {
-            scopes: {
-              openid: 'openid',
-              profile: 'profile',
-            },
-          },
-        },
       },
       'ZITADEL',
     )
     .build();
   const document = SwaggerModule.createDocument(app, swagger);
-  SwaggerModule.setup('rest', app, document);
+  SwaggerModule.setup('rest', app, document, {
+    swaggerOptions: {
+      persistAuthorization: true,
+      oauth2RedirectUrl: process.env.AUTH_REDIRECT_URI,
+      initOAuth: {
+        clientId: process.env.AUTH_CLIENT_ID,
+        scopes: 'openid profile email',
+        usePkceWithAuthorizationCodeGrant: true,
+      },
+    },
+  });
 
   await app.startAllMicroservices();
   log(