You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I defined a client secret with umlauts in my web service (using OpenIddict for OAuth2 authentication in the service).
When authenticating with SwaggerUI, the login is rejected:
Using Restfox, it works without problems. And Restfox gave me a hint: the request body is url encoded:
So, I entered the client secret in SwaggerUI the same way, and it worked!
Thus I assume that SwaggerUI does not encode the client secret when sending the request, and I think it is a bug.
This is my original client secret (which fails): örotkgöodrtbjpoöidöwoi4mfwp4wf3tgwp94w9
And this is url encoded (whichs works if entered like this in the "client_secret" field: %C3%B6rotkg%C3%B6odrtbjpo%C3%B6id%C3%B6woi4mfwp4wf3tgwp94w9
I defined a client secret with umlauts in my web service (using OpenIddict for OAuth2 authentication in the service).
When authenticating with SwaggerUI, the login is rejected:
Using Restfox, it works without problems. And Restfox gave me a hint: the request body is url encoded:
client_id=myservice&client_secret=%C3%B6rotkg%C3%B6odrtbjpo%C3%B6id%C3%B6woi4mfwp4wf3tgwp94w9&grant_type=client_credentials
So, I entered the client secret in SwaggerUI the same way, and it worked!
Thus I assume that SwaggerUI does not encode the client secret when sending the request, and I think it is a bug.
This is my original client secret (which fails):
örotkgöodrtbjpoöidöwoi4mfwp4wf3tgwp94w9
And this is url encoded (whichs works if entered like this in the "client_secret" field:
%C3%B6rotkg%C3%B6odrtbjpo%C3%B6id%C3%B6woi4mfwp4wf3tgwp94w9
I use Swashbuckle (https://github.com/domaindrivendev/Swashbuckle.AspNetCore) which currently bundles SwaggerUI 5.17.14
The text was updated successfully, but these errors were encountered: