Auth0 + OpenAPI 3.0

Has anyone been able to create an OpenAPI 3.0 specification that is able to request a token from Auth0? I am running a local Swagger Editor https://github.com/swagger-api/swagger-editor.

What callback must I register with my Auth0 application? http://localhost:3001/oauth2-redirect.html

openapi: 3.0.0
info:
  version: 0.0.1
  title: My API 

servers:
  - url: '{protocol}://localhost:8081/{basePath}'
    description: My API locally hosted release
    variables:
      protocol:
        description: Protocol
        enum:
          - 'https'
          - 'http'
        default: 'https'
      basePath:
        description: Base path
        enum:
          - 'api/v1'
        default: 'api/v1'

components:
  securitySchemes:
    auth0:
      type: oauth2
      flows:
        authorizationCode:
          authorizationUrl: 'https://dev-0000-x000.auth0.com/oauth/authorize'
          tokenUrl: 'https://dev-0000-x000.auth0.com/oauth/token'
          scopes:
            {}

security: 
  - auth0: []

paths:
  /companies:
    get:
      description: Returns a list of companies              
      responses:
        '200':
          description: Successful response

4 Likes

It would be fantastic if a quickstart article was written showing how to hook up a Swagger UI/Editor with Auth0 authentication.

2 Likes

Hey there @dak2009!

Relaying the feedback just now to the appropriate team to have that content created some time soon!

1 Like

@konrad.sopala Any update on this? It’s really hard to make an API without documentation for the Auth section. Would it please be possible to document documentation of Auth0?

1 Like

Hey there!

Unfortunately nothing yet.

Can you stress your need once again by going to our feedback form:

and providing this feedback directly to our product managers? Thank you! You will be contacted within 10 business days by one of them.

@konrad.sopala Any update on this?

Hey there!

Unfortunately I don’t see any progress made on this front. There are definitely not enough people advocating for this one compared to other feature and product requests that our product team has in its backlog. Sorry for the inconvenience!

I too would benefit greatly from this! I will be sending a message to Sales in hopes that it can help get this sort of thing prioritized.

1 Like

Thanks for doing that Michael and advocating for that feature!

Indeed, it would be very practical if Auth0 provided an updated OpenAPI specification.
I often use such specifications to auto-generate API clients, which saves a lot of time.
I think it would not take you much effort to provide this, because you already produce a Swagger 1.2 specification.

See: Auth0 Management API v2
Check your browser requests: it actually downloads Swagger 1.2 specification files.
I was able to convert them to Swagger 2.0 specification files using this tool: API Spec Converter

There are some more manual modifications to be made after that, but it already saves time.
If you could produce an updated spec it would be very nice. Again, seeing how your API documentation page is set up, I don’t think it would require much effort to update it to a more recent OpenAPI file spec.

Hopefully this helps someone. I found it really hard to set up Swagger in a .NET Core project, but this guide here should do it: Using Auth0 With An ASP.NET Core API - Part 3 - Swagger - .NET Core Tutorials

Doing this, then reverse engineering it, the JSON that it loads into Swagger looks like so:

 "securitySchemes": {
      "Bearer": {
        "type": "oauth2",
        "flows": {
          "implicit": {
            "authorizationUrl": "https://mydomain.us.auth0.com/authorize?audience=myapiaudience",
            "scopes": {
              "openid": "Open Id"
            }
          }
        }
      }
    }

This seems to work alright and fetches a token correctly for me.

2 Likes
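Added example, not part of the thread and not Auth0's or Swagger's own code: a small Python check that runs over the two security schemes posted in this thread (the opening question's `authorizationCode` scheme and the `implicit` scheme above) and reports where they differ. It assumes an Auth0 tenant whose endpoints are `/authorize` and `/oauth/token`; the function name and finding strings are hypothetical.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the two schemes posted in this thread, rewritten as JSON.
SAMPLE = json.loads("""
{"securitySchemes": {
  "Bearer": {"type": "oauth2", "flows": {"implicit": {
    "authorizationUrl": "https://mydomain.us.auth0.com/authorize?audience=myapiaudience",
    "scopes": {"openid": "Open Id"}}}},
  "auth0": {"type": "oauth2", "flows": {"authorizationCode": {
    "authorizationUrl": "https://dev-0000-x000.auth0.com/oauth/authorize",
    "tokenUrl": "https://dev-0000-x000.auth0.com/oauth/token",
    "scopes": {}}}}
}}
""")

def lint_security_schemes(components):
    """Hypothetical helper: return (scheme, flow, finding) tuples for oauth2 schemes."""
    findings = []
    for name, scheme in components.get("securitySchemes", {}).items():
        if scheme.get("type") != "oauth2":
            continue
        for flow, cfg in scheme.get("flows", {}).items():
            auth = urlsplit(cfg.get("authorizationUrl", ""))
            token = urlsplit(cfg.get("tokenUrl", ""))
            for label, url in (("authorizationUrl", auth), ("tokenUrl", token)):
                # Tokens and codes must never cross the network in clear text.
                if url.netloc and url.scheme != "https":
                    findings.append((name, flow, f"{label} is not https"))
            if flow in ("implicit", "authorizationCode"):
                # Assumption: Auth0 tenant, whose authorize endpoint is /authorize.
                if auth.path != "/authorize":
                    findings.append((name, flow, "authorizationUrl path is not /authorize"))
                # The working scheme in the thread passes the API audience here.
                if "audience" not in parse_qs(auth.query):
                    findings.append((name, flow, "authorizationUrl has no audience parameter"))
            if flow == "implicit":
                # Implicit flow hands the access token back in the URL fragment.
                findings.append((name, flow, "implicit flow exposes the token in the redirect URL"))
            if flow == "authorizationCode" and token.path != "/oauth/token":
                findings.append((name, flow, "tokenUrl path is not /oauth/token"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_security_schemes(SAMPLE):
        print(*finding, sep=": ")
```
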

Thanks for sharing it with the rest of community!

Note: this solution does not work with OpenAPI’s Java annotations.

Not sure exactly what you mean by this, but it worked perfectly with io.swagger.v3.oas.annotations and springdoc-openapi.