Race condition on Oauth2RedirectUrl #349

Closed
Kruschenstein opened this issue Jan 16, 2020 · 3 comments
Labels
bug Something isn't working

Comments

@Kruschenstein

Hello!

I encountered a synchronization issue during Oauth2RedirectUrl generation. It's odd because it's due to the swagger interface, which sends each request twice (GET swagger-config & api-doc), but that involves a race condition that generates the wrong redirect URI:

image
image

I want to add that this does not happen every time, but when we are in this configuration, we can't authenticate and we have to reboot the server.

A priori, there is a lack of synchronization in SwaggerWelcome#buildConfigUrl(HttpServletRequest).

By the way, there is another annoying thing about oauth2RedirectUrl, because this address is cached too, and depending on the end-user's request domain, this URL may change. There doesn't seem to be a way to disable the cache here, or am I wrong? (May I open another issue?)

Thank you in advance
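
An added illustration, not part of the original report and not springdoc's code: the class of bug the report suspects, where a singleton handler keeps a request-derived base URL in a shared field, next to a per-request version that holds no shared state. Class names, the callback path and the two hosts are assumptions constructed for the example; the barrier only forces the interleaving that two near-simultaneous requests hit by chance.

```java
import java.util.*;
import java.util.concurrent.*;

// Hypothetical names throughout; this is not springdoc's SwaggerWelcome.
public class RedirectUrlRace {
    static final String CALLBACK = "/oauth2-redirect.html"; // constructed path

    // Unsafe: one instance serves every request and stores the base URL in a field.
    static class SharedFieldBuilder {
        private volatile String base; // volatile gives visibility, not isolation
        private final CyclicBarrier gap = new CyclicBarrier(2); // demo hook only
        String build(String scheme, String host) throws Exception {
            base = scheme + "://" + host; // both requests write here...
            gap.await();                  // ...before either one reads
            return base + CALLBACK;       // so one request returns the other's host
        }
    }

    // Safe: everything derived from the request stays in local variables.
    static class PerRequestBuilder {
        String build(String scheme, String host) {
            return scheme + "://" + host + CALLBACK;
        }
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        SharedFieldBuilder shared = new SharedFieldBuilder();
        PerRequestBuilder perRequest = new PerRequestBuilder();
        // Constructed hosts standing in for two end-user domains.
        String[] hosts = {"api.internal.example", "docs.public.example"};

        List<Future<String>> results = new ArrayList<>();
        for (String h : hosts) {
            results.add(pool.submit(() -> shared.build("https", h)));
        }
        for (int i = 0; i < hosts.length; i++) {
            String got = results.get(i).get();
            String want = perRequest.build("https", hosts[i]);
            // Exactly one of the two lines is flagged: the request that wrote first.
            System.out.println(hosts[i] + " -> " + got
                    + (got.equals(want) ? "" : "   <-- wrong host in redirect URL"));
        }
        pool.shutdown();
    }
}
```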

@bnasslahsen
Collaborator

Hi,

For the swagger-config loaded twice, there is a known issue on swagger-ui that is the root cause.
Our library is built on top of it.

For oauth2RedirectUrl, there is no cache around it.
But you may be describing that you need dynamic oauth2RedirectUrl. This can be handled for the next release.

@Kruschenstein
Author

Thank you for the answer. A dynamic oauth2RedirectUrl would really be nice for the next release, thanks again for all the work 👍

@bnasslahsen
Collaborator

@Kruschenstein,

Starting from v1.4.1, the following properties can be used to prevent the swagger-config from being loaded twice.
Please note that these properties work only in the case where there are no groups (no multiple urls and no configUrl set on the swagger-ui):

  • If your REST APIs are not using OAuth2:
    springdoc.swagger-ui.display-query-params-without-oauth2=true
  • If your REST APIs are using OAuth2:
    springdoc.swagger-ui.display-query-params=true
