Has anyone had any luck getting Google Sign In (or any usage of

ImplicitOAuthSecurity

) to work in their http4k-contract swagger ui?

val googleSecurity = ImplicitOAuthSecurity(
    Uri.of("<https://accounts.google.com/o/oauth2/v2/auth>"),
    listOf(OAuthScope("email")),
    myAuthFilter
)

val api = contract {
    renderer = OpenApi3(ApiInfo("My Api", "1")) // jackson renderer
    descriptionPath = "/openapi"
    routes += generateRoutes()
    security = googleSecurity
}

val ui = swaggerUi(
    descriptionRoute = Uri.of("/openapi"),
    displayOperationId = true,
    requestSnippetsEnabled = true
)

routes(api, ui)
    .asServer(SunHttp(8000))
    .start()

Here's what I can do so far: 1. On the Swagger UI, click the "Authorize" button, and see "oauthSecurityImplicit" as an available authorization 2. Under "oauthSecurityImplicit", I have to enter my client id, and then I can click "Authorize" 3. I'm redirected to Google Sign In, and can choose an account to sign in with 4. I get redirected back to

<app_host>/oauth2-redirect.html

, which is a path that seems to have been selected by the Swagger UI (doesn't appear in the OpenApi spec) 5. 404, because my app doesn't have this path Clearly, I'm not doing something ridiculous, because the Swagger UI seems to encourage this workflow. I'm just not sure what I need to do to get it to work.

The oauth redirect page should be packaged inside th the webjar.

So

swaggerUi

is a helper function built into http4k-contract, and it doesn't use a webjar, for obvious dependency reasons. I guess if this workflow was intended for use by a webjar, then that is the obvious explanation for why the redirect fails. The current helper takes a leaf from Javalin's book and is just a static HTML document which loads swagger UI from CDN; perhaps that's a limitation of this no-dependency approach. I'll try serving the UI via webjar and see if it helps. Thanks!