
OpenAPI 3.1.0 support: mutualTLS support #8020

Open
IvanHalim opened this issue May 12, 2022 · 2 comments

Comments

@IvanHalim

IvanHalim commented May 12, 2022

How can we help?

Hi Swagger,
Amazon API Gateway released mutual TLS authentication for Amazon API Gateway:
https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/

So now we need to provide the .key and .cert file as part of the request:

curl --key my_client.key --cert my_client.pem https://api.yourdomain.com

Does swagger-ui have any support for this?

@alexb-uk

alexb-uk commented Aug 8, 2022

FYI for anyone else that arrives here after a Google search...

MTLS support in Swagger UI is not actually required / appropriate. Instead add your client certificate to your browser and it will automatically be used.

For many browsers this is done by adding the certificate to your operating system cert store. I've done this using Chrome on Windows 11 ✅ by importing the *.pfx file into my Personal user area.

@char0n char0n self-assigned this Aug 18, 2023
@char0n char0n changed the title Mutual TLS Support for Swagger UI OpenAPI 3.1.0 support: mutualTLS support Aug 18, 2023
@char0n
Member

char0n commented Aug 18, 2023

Hi everybody,

NOTE: this is an OpenAPI 3.1.0-specific feature

Here is the proposed implementation:

Inside the Auth dialog, we can just display the information that the mutualTLS was defined and the only additional field that applies to this type from Security Scheme Object is description.

Reasoning

Chrome, Edge, IE, and Safari are all configured to use client certificates and private keys provided by the OS.

Beginning with version 75, Firefox can be configured to use client certificates and private keys provided by the OS on Windows and macOS. In general, this is now the preferred and simplest method to use client certificates in Firefox.

So all major browsers now use the OS to provide client certificates for them, and it's now the recommended way. There is nothing we can do with JavaScript inside the browser to manage the certificates for mTLS communication.

There is also a native "TLS client certificate dialog" as described here: Fetch Standard

It looks like this in the latest Edge:
[image: the native TLS client certificate dialog in Edge]

and this dialog displays all certificates that meet the server’s filtering criteria

This is all native stuff and doesn't concern us; so implementing mutualTLS support in SwaggerUI might mean only somehow indicating that it's defined, but that's about it.

We don't need to provide info on how to create/upload a certificate to the browser, as that's now managed via the OS and every OS does it differently.
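The proposal above reduces mutualTLS support to reading the Security Scheme Object and telling the user it is defined. The following is an added example (not swagger-ui's own code) of that logic on a parsed OpenAPI document: it collects the mutualTLS schemes with their only applicable extra field, description, flags them when the document is older than 3.1.0, and works out whether an operation can only be called with a client certificate. The sample document is constructed for the example.

```javascript
// Added example, not swagger-ui code. `doc` is a parsed OpenAPI document (plain object).
// The browser, not the page, supplies the client certificate from the OS store; the
// Auth dialog can only announce that a mutualTLS scheme exists and show its description.

function supportsMutualTls(doc) {
  // The mutualTLS Security Scheme type is only defined for OpenAPI 3.1.0 and later.
  const m = /^(\d+)\.(\d+)/.exec(String(doc.openapi || ""));
  if (!m) return false;
  const major = Number(m[1]);
  const minor = Number(m[2]);
  return major > 3 || (major === 3 && minor >= 1);
}

function mutualTlsSchemes(doc) {
  const schemes = (doc.components && doc.components.securitySchemes) || {};
  const valid = supportsMutualTls(doc);
  return Object.entries(schemes)
    .filter(([, s]) => s && s.type === "mutualTLS")
    .map(([name, s]) => ({
      name,
      description: typeof s.description === "string" ? s.description : "",
      valid, // false: the document's openapi version does not define this type
    }));
}

// True when every security alternative of the operation (or of the document's global
// `security`, if the operation has none of its own) names a valid mutualTLS scheme,
// i.e. the request cannot succeed without the browser presenting a client certificate.
function requiresMutualTls(doc, operation) {
  const requirements = operation.security !== undefined ? operation.security : (doc.security || []);
  if (requirements.length === 0) return false;
  const names = new Set(mutualTlsSchemes(doc).filter((s) => s.valid).map((s) => s.name));
  return requirements.every((req) => Object.keys(req).some((n) => names.has(n)));
}

// Text the Auth dialog would show for each mutualTLS scheme.
function authDialogNotices(doc) {
  return mutualTlsSchemes(doc).map((s) =>
    `${s.name} (mutualTLS): ${s.description || "no description"}` +
    (s.valid ? "" : " [mutualTLS requires OpenAPI 3.1.0 or later]"));
}

// Constructed sample document (not taken from the issue).
const sampleDoc = {
  openapi: "3.1.0",
  components: {
    securitySchemes: {
      clientCert: { type: "mutualTLS", description: "Certificate from the API owner's CA, installed in the OS store." },
      apiKey: { type: "apiKey", in: "header", name: "X-Api-Key" },
    },
  },
  security: [{ clientCert: [] }],
};
```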

@char0n char0n removed their assignment Aug 22, 2023
char0n added a commit that referenced this issue Sep 7, 2023
char0n added a commit that referenced this issue Sep 13, 2023
Refs #8020 

Co-authored-by: Vladimír Gorej <vladimir.gorej@smartbear.com>