From 56920149bc842e1c502965ef1cc95ccb92667e2b Mon Sep 17 00:00:00 2001
From: Jason Roberts <jason.roberts@smilecdr.com>
Date: Fri, 17 Sep 2021 09:48:39 -0400
Subject: [PATCH 1/3] add support for OIDC authentication to Swagger API

---
 .../uhn/fhir/rest/openapi/OpenApiInterceptor.java | 15 ++++++++++++++-
 .../resources/ca/uhn/fhir/rest/openapi/index.css  |  2 +-
 .../resources/ca/uhn/fhir/rest/openapi/index.html |  4 +++-
 3 files changed, 18 insertions(+), 3 deletions(-)

diff --git a/hapi-fhir-server-openapi/src/main/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptor.java b/hapi-fhir-server-openapi/src/main/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptor.java
index 7caad2dbb78..13a3107cc02 100644
--- a/hapi-fhir-server-openapi/src/main/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptor.java
+++ b/hapi-fhir-server-openapi/src/main/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptor.java
@@ -262,6 +262,13 @@ public class OpenApiInterceptor {
 				return true;
 			}
 
+			if (resourcePath.endsWith(".html")) {
+				theResponse.setContentType(Constants.CT_HTML);
+				theResponse.setStatus(200);
+				IOUtils.copy(resource, theResponse.getOutputStream());
+				theResponse.getOutputStream().close();
+				return true;
+			}
 		}
 		return false;
 	}
@@ -336,12 +343,18 @@ public class OpenApiInterceptor {
 		String page = extractPageName(theRequestDetails, PAGE_SYSTEM);
 		context.setVariable("PAGE", page);
 
+		populateOIDCVariables(context);
+
 		String outcome = myTemplateEngine.process("index.html", context);
 
 		theResponse.getWriter().write(outcome);
 		theResponse.getWriter().close();
 	}
 
+	protected void populateOIDCVariables(WebContext context) {
+		context.setVariable("OAUTH2_REDIRECT_URL_PROPERTY", "");
+	}
+
 	private String extractPageName(ServletRequestDetails theRequestDetails, String theDefault) {
 		String[] pageValues = theRequestDetails.getParameters().get("page");
 		String page = null;
@@ -354,7 +367,7 @@ public class OpenApiInterceptor {
 		return page;
 	}
 
-	private OpenAPI generateOpenApi(ServletRequestDetails theRequestDetails) {
+	protected OpenAPI generateOpenApi(ServletRequestDetails theRequestDetails) {
 		String page = extractPageName(theRequestDetails, null);
 
 		CapabilityStatement cs = getCapabilityStatement(theRequestDetails);
diff --git a/hapi-fhir-server-openapi/src/main/resources/ca/uhn/fhir/rest/openapi/index.css b/hapi-fhir-server-openapi/src/main/resources/ca/uhn/fhir/rest/openapi/index.css
index a94d230ed3c..b921df6148a 100644
--- a/hapi-fhir-server-openapi/src/main/resources/ca/uhn/fhir/rest/openapi/index.css
+++ b/hapi-fhir-server-openapi/src/main/resources/ca/uhn/fhir/rest/openapi/index.css
@@ -18,7 +18,7 @@ body
     background: #fafafa;
 }
 
-.scheme-container, .information-container
+.information-container
 {
     display: none
 }
diff --git a/hapi-fhir-server-openapi/src/main/resources/ca/uhn/fhir/rest/openapi/index.html b/hapi-fhir-server-openapi/src/main/resources/ca/uhn/fhir/rest/openapi/index.html
index a1e0d16659d..f3ff503295f 100644
--- a/hapi-fhir-server-openapi/src/main/resources/ca/uhn/fhir/rest/openapi/index.html
+++ b/hapi-fhir-server-openapi/src/main/resources/ca/uhn/fhir/rest/openapi/index.html
@@ -1,3 +1,4 @@
+<!DOCTYPE html>
 <html lang="en" xmlns:th="http://www.thymeleaf.org">
 <head>
     <meta charset="UTF-8">
@@ -55,7 +56,8 @@
             plugins: [
                 // SwaggerUIBundle.plugins.DownloadUrl
             ],
-            // layout: "StandaloneLayout"
+            // layout: "StandaloneLayout",
+            oauth2RedirectUrl: "[[${OAUTH2_REDIRECT_URL_PROPERTY}]]"
         });
         // End Swagger UI call region
 

From a866feb730945c96d289209a8723a58e206b7f6f Mon Sep 17 00:00:00 2001
From: Jason Roberts <jason.roberts@smilecdr.com>
Date: Fri, 17 Sep 2021 11:41:51 -0400
Subject: [PATCH 2/3] changelog

---
 .../fhir/changelog/5_6_0/3005-oidc-support-in-swagger.yaml   | 5 +++++
 1 file changed, 5 insertions(+)
 create mode 100644 hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_6_0/3005-oidc-support-in-swagger.yaml

diff --git a/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_6_0/3005-oidc-support-in-swagger.yaml b/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_6_0/3005-oidc-support-in-swagger.yaml
new file mode 100644
index 00000000000..7a924a3fd8f
--- /dev/null
+++ b/hapi-fhir-docs/src/main/resources/ca/uhn/hapi/fhir/changelog/5_6_0/3005-oidc-support-in-swagger.yaml
@@ -0,0 +1,5 @@
+---
+type: add
+issue: 3005
+jira: SMILE-723
+title: "Open up the visibility of some methods in the generation of the Open API definition files to allow extenders to add support for OIDC authorization."

From 4051fe084937e728f8ebd027cff76ae40af62f8e Mon Sep 17 00:00:00 2001
From: Jason Roberts <jason.roberts@smilecdr.com>
Date: Fri, 17 Sep 2021 14:17:33 -0400
Subject: [PATCH 3/3] code review feedback

---
 .../ca/uhn/fhir/rest/openapi/OpenApiInterceptor.java  |  6 +++---
 .../uhn/fhir/rest/openapi/OpenApiInterceptorTest.java | 11 +++++++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/hapi-fhir-server-openapi/src/main/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptor.java b/hapi-fhir-server-openapi/src/main/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptor.java
index 13a3107cc02..9a3117c0d2f 100644
--- a/hapi-fhir-server-openapi/src/main/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptor.java
+++ b/hapi-fhir-server-openapi/src/main/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptor.java
@@ -343,7 +343,7 @@ public class OpenApiInterceptor {
 		String page = extractPageName(theRequestDetails, PAGE_SYSTEM);
 		context.setVariable("PAGE", page);
 
-		populateOIDCVariables(context);
+		populateOIDCVariables(theRequestDetails, context);
 
 		String outcome = myTemplateEngine.process("index.html", context);
 
@@ -351,8 +351,8 @@ public class OpenApiInterceptor {
 		theResponse.getWriter().close();
 	}
 
-	protected void populateOIDCVariables(WebContext context) {
-		context.setVariable("OAUTH2_REDIRECT_URL_PROPERTY", "");
+	protected void populateOIDCVariables(ServletRequestDetails theRequestDetails, WebContext theContext) {
+		theContext.setVariable("OAUTH2_REDIRECT_URL_PROPERTY", "");
 	}
 
 	private String extractPageName(ServletRequestDetails theRequestDetails, String theDefault) {
diff --git a/hapi-fhir-server-openapi/src/test/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptorTest.java b/hapi-fhir-server-openapi/src/test/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptorTest.java
index c7afe2ad42a..66d649cbfb1 100644
--- a/hapi-fhir-server-openapi/src/test/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptorTest.java
+++ b/hapi-fhir-server-openapi/src/test/java/ca/uhn/fhir/rest/openapi/OpenApiInterceptorTest.java
@@ -213,6 +213,17 @@ public class OpenApiInterceptorTest {
 		assertEquals(null, url);
 	}
 
+	@Test
+	public void testStandardRedirectScriptIsAccessible() throws IOException {
+		myServer.getRestfulServer().registerInterceptor(new AddResourceCountsInterceptor());
+		myServer.getRestfulServer().registerInterceptor(new OpenApiInterceptor());
+
+		HttpGet get = new HttpGet("http://localhost:" + myServer.getPort() + "/fhir/swagger-ui/oauth2-redirect.html");
+		try (CloseableHttpResponse response = myClient.execute(get)) {
+			assertEquals(200, response.getStatusLine().getStatusCode());
+		}
+	}
+
 	private String fetchSwaggerUi(String url) throws IOException {
 		String resp;
 		HttpGet get = new HttpGet(url);