I have a Java REST application and I have Swagger for documenting API calls.
I need to protect Swagger with Auth0. I am using Docket for Swagger, and
this is how my code looks.
This is the code from my Swagger configuration:

    @Bean
    public Docket api() {
        // Security schemes and contexts registered on the Docket
        List<SecurityScheme> lista = new ArrayList<>();
        lista.add(oauth());
        List<SecurityContext> listaaa = new ArrayList<>();
        listaaa.add(securityContext());
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.basePackage("some.package"))
                .paths(PathSelectors.any())
                .build()
                .apiInfo(apiInfo())
                .securitySchemes(lista)
                .securityContexts(listaaa);
    }

    private ApiInfo apiInfo() {
        @SuppressWarnings("deprecation")
        ApiInfo apiInfo = new ApiInfo(
                "Swagger ApI", "", "", "", "", "", "");
        return apiInfo;
    }

    // API key scheme sent in the Authorization header
    private ApiKey apiKey() {
        return new ApiKey("Authorization", "Authorization", "header");
    }

    private SecurityContext securityContext() {
        return SecurityContext.builder()
                .securityReferences(defaultAuth())
                .forPaths(PathSelectors.regex("/*"))
                .build();
    }

    List<SecurityReference> defaultAuth() {
        AuthorizationScope authorizationScope
                = new AuthorizationScope("global", "accessEverything");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        List<SecurityReference> list = new ArrayList<>();
        list.add(new SecurityReference("id_token", authorizationScopes));
        return list;
    }

    // Client settings used by Swagger UI
    @Bean
    SecurityConfiguration security() {
        return new SecurityConfiguration(
                "test-app-client-id",
                "test-app-client-secret",
                "test-app-realm",
                "test-app",
                "apiKey",
                ApiKeyVehicle.HEADER,
                "api_key",
                "," /* scope separator */);
    }

    // OAuth2 scheme using the implicit grant
    @Bean
    SecurityScheme oauth() {
        return new OAuthBuilder()
                .name("oauth2")
                .grantTypes(grantTypes())
                .build();
    }

    List<GrantType> grantTypes() {
        GrantType grantType = new ImplicitGrantBuilder()
                .loginEndpoint(new LoginEndpoint("https://appName/oauth/authorize"))
                .build();
        List<GrantType> list = new ArrayList<>();
        list.add(grantType);
        return list;
    }

This code works, but it puts the access token in the header, and I can't use
Swagger the right way because of that.
How do I pick up the id_token from Auth0 and put it in the header of the
Swagger call?
Or can someone give me advice on how to resolve this in another way?
--
You received this message because you are subscribed to the Google Groups
"Swagger" group.