BB2-3353 Initialize oAuth and allow logout flow in openapi (#1247)

* BB2-3353 Initialize oAuth and allow logout

* Add swagger documentation and fix request interceptor

Author: stiwarisemanticbits

apps/docs/templates/openapi.html

@@ -40,12 +40,14 @@
 
   <body>
     <div id="swagger-ui"></div>
+    <button id="custom-logout-button">Logout</button>
 
     <script src="{% static 'swagger-ui-4.15.5-dist/swagger-ui-bundle.js' %}" charset="UTF-8"> </script>
     <script src="{% static 'swagger-ui-4.15.5-dist/swagger-ui-standalone-preset.js' %}" charset="UTF-8"> </script>
     <script>
     window.onload = function() {
-      const ui = SwaggerUIBundle({
+      let ui;
+      ui = SwaggerUIBundle({
         urls: [
             {
                 url: "{% static 'openapi.yaml' %}",
@@ -60,13 +62,20 @@
         ],
         layout: "StandaloneLayout",
         requestInterceptor: (request) => {
-            const accessToken = localStorage.getItem('access_token');
-            if (accessToken) {
-                request.headers['Authorization'] = `Bearer ${accessToken}`;
+            if (ui) {
+              const serverUrl = ui.specSelectors.specJson().toJS().servers[0].url;
+              const accessToken = localStorage.getItem('access_token');
+              if (accessToken && request.url.startsWith(serverUrl)) {
+                  request.headers['Authorization'] = `Bearer ${accessToken}`;
+              }
             }
-
+            
             return request;
         },
+        onComplete: function() {
+          initializeOauthData()
+          addLogoutButton();
+        },
 
         oauth2RedirectUrl: window.location.origin + "/docs/oauth2-redirect"
       });
@@ -83,14 +92,14 @@
           // Save OAuth2 details to localStorage
           const serializedData = serializeObject(window.swaggerUIRedirectOauth2)
           /**
-           *  swaggerUIRedirectOauth2 contains information regarding oauth2 clientId, clientSecret etc.
+           * swaggerUIRedirectOauth2 contains information regarding oauth2 clientId, clientSecret etc.
            * This will be required by static/oauth2-redirect.html and will be deserialized there
            */
           localStorage.setItem('swaggerUIRedirectOauth2', serializedData);
           window.dispatchEvent(new Event('storage'));
-        }
+      }
 
-        function serializeObject(obj) {
+      function serializeObject(obj) {
           const serializedObj = { ...obj };
           for (const key in serializedObj) {
               if (typeof serializedObj[key] === 'function') {
@@ -100,13 +109,77 @@
           return JSON.stringify(serializedObj);
       }
 
+      function deserializeObject(serialized) {
+          const parsedObj = JSON.parse(serialized);
+          for (const key in parsedObj) {
+              if (typeof parsedObj[key] === 'string' && parsedObj[key].startsWith('function')) {
+                  parsedObj[key] = new Function('return ' + parsedObj[key])();
+              }
+          }
+          return parsedObj;
+      }
+
       // Event listener for authorize button click
       document.addEventListener('click', (event) => {
           if (event.target && event.target.matches('button.btn.modal-btn.auth.authorize.button')) {
               waitForSwaggerUIRedirectOauth2();
           }
       });
 
+      function initializeOauthData() {
+          const oauth2Data = localStorage.getItem('swaggerUIRedirectOauth2');
+          if (!oauth2Data) {
+            return;
+          }
+          const oauth2 = deserializeObject(oauth2Data)
+          const tokenUrl = oauth2.auth.schema.tokenUrl;
+          const clientId = oauth2.auth.clientId
+          const clientSecret = oauth2.auth.clientSecret;
+          const redirectUri = oauth2.redirectUrl
+          const scopes = oauth2.auth.scopes.join(" ");
+          ui.initOAuth({
+              clientId: clientId,
+              clientSecret: clientSecret,
+              scopeSeparator: " ",
+              scopes: scopes
+          })
+      }
+
+      function addLogoutButton() {
+          const accessToken = localStorage.getItem('access_token');
+          if (!accessToken) {
+            return;
+          }
+
+          const authWrapper = document.querySelector('.auth-wrapper');
+          if (!authWrapper) {
+              return;
+          }
+
+          const customButtonsWrapper = document.createElement('div');
+          customButtonsWrapper.id = 'custom-buttons';
+          customButtonsWrapper.style.display = 'flex';
+          customButtonsWrapper.style.alignItems = 'center';
+          customButtonsWrapper.style.marginLeft = '20px';
+
+          const classNames = ['btn', 'modal-btn', 'auth', 'button'];
+          const logoutButton = document.createElement('button');
+
+          logoutButton.id = 'logoutButton';
+          logoutButton.classList.add(...classNames);
+          logoutButton.textContent = 'Logout';
+          logoutButton.style.marginLeft = '10px';
+
+          logoutButton.addEventListener('click', function() {
+              localStorage.removeItem('access_token');
+              localStorage.removeItem('swaggerUIRedirectOauth2');
+              logoutButton.style.display = 'none';
+           });
+          
+          customButtonsWrapper.appendChild(logoutButton);
+          authWrapper.parentElement.insertBefore(customButtonsWrapper, authWrapper.nextSibling);
+      }
+
     };
 
   </script>

static/openapi.yaml

@@ -2,7 +2,18 @@ openapi: 3.0.3
 info:
   title: BlueButton 2.0
   version: 1.0.0
-  description: "In order to try out the API you'll first need to get an access token and use it in the Authorize -> bearerAuth setting. To get one you can use the [test client](https://sandbox.bluebutton.cms.gov/testclient/), [postman](https://bluebutton.cms.gov/developers/#try-the-api), or your own local setup. The metadata endpoint is unprotected so you can use it without an access code. The metadata results will tell you what query parameters are available for the different fhir endpoints." 
+  description: |
+    To try out the API using Swagger UI, follow these steps:
+
+    1. **Create an Application**: Ensure you have an application set up on [CMS Sandbox](https://sandbox.bluebutton.cms.gov).
+    2. **Update Application Settings**: Go to your application settings and add [https://sandbox.bluebutton.cms.gov/docs/oauth2-redirect](https://sandbox.bluebutton.cms.gov/docs/oauth2-redirect) to the "Callback URLs / Redirect URIs" field under "App Details - Required Information". Save the updated application settings.
+    3. **Store Client Credentials**: Note down and securely store your client_id and client_secret from your CMS Sandbox application. These credentials will be used later.
+    4. **Authorize in Swagger UI**: Open this Swagger UI and click on the "Authorize" button.
+    5. **Authorize Access**: Within the prompt, input your client_id and client_secret, choose the scopes you want to use in your testing, and click "Authorize" to open a new tab where you will grant consent to your application from a sample beneficiary. In order to log in, you can use a sample beneficiary using the login instructions from [this link](https://sandbox.bluebutton.cms.gov/testclient/authorize-link-v2).
+    6. **Complete Consent**: Follow the prompts to complete the consent form.
+    7. **Return to Swagger UI**: After consenting, you will be redirected back to this Swagger UI.
+    8. **Explore APIs**: You can now start exploring and testing the APIs by providing the relevant parameters.
+
 paths:
   /.well-known/openid-configuration:
     get: