Add swagger documentation and fix request interceptor

apps/docs/templates/openapi.html

@@ -46,7 +46,8 @@
     <script src="{% static 'swagger-ui-4.15.5-dist/swagger-ui-standalone-preset.js' %}" charset="UTF-8"> </script>
     <script>
     window.onload = function() {
-      const ui = SwaggerUIBundle({
+      let ui;
+      ui = SwaggerUIBundle({
         urls: [
             {
                 url: "{% static 'openapi.yaml' %}",
@@ -61,11 +62,14 @@
         ],
         layout: "StandaloneLayout",
         requestInterceptor: (request) => {
-            const accessToken = localStorage.getItem('access_token');
-            if (accessToken) {
-                request.headers['Authorization'] = `Bearer ${accessToken}`;
+            if (ui) {
+              const serverUrl = ui.specSelectors.specJson().toJS().servers[0].url;
+              const accessToken = localStorage.getItem('access_token');
+              if (accessToken && request.url.startsWith(serverUrl)) {
+                  request.headers['Authorization'] = `Bearer ${accessToken}`;
+              }
             }
-
+            
             return request;
         },
         onComplete: function() {
@@ -88,7 +92,7 @@
           // Save OAuth2 details to localStorage
           const serializedData = serializeObject(window.swaggerUIRedirectOauth2)
           /**
-           *  swaggerUIRedirectOauth2 contains information regarding oauth2 clientId, clientSecret etc.
+           * swaggerUIRedirectOauth2 contains information regarding oauth2 clientId, clientSecret etc.
            * This will be required by static/oauth2-redirect.html and will be deserialized there
            */
           localStorage.setItem('swaggerUIRedirectOauth2', serializedData);

static/openapi.yaml

@@ -2,7 +2,18 @@ openapi: 3.0.3
 info:
   title: BlueButton 2.0
   version: 1.0.0
-  description: "In order to try out the API you'll first need to get an access token and use it in the Authorize -> bearerAuth setting. To get one you can use the [test client](https://sandbox.bluebutton.cms.gov/testclient/), [postman](https://bluebutton.cms.gov/developers/#try-the-api), or your own local setup. The metadata endpoint is unprotected so you can use it without an access code. The metadata results will tell you what query parameters are available for the different fhir endpoints." 
+  description: |
+    To try out the API using Swagger UI, follow these steps:
+
+    1. **Create an Application**: Ensure you have an application set up on [CMS Sandbox](https://sandbox.bluebutton.cms.gov).
+    2. **Update Application Settings**: Go to your application settings and add [https://sandbox.bluebutton.cms.gov/docs/oauth2-redirect](https://sandbox.bluebutton.cms.gov/docs/oauth2-redirect) to the "Callback URLs / Redirect URIs" field under "App Details - Required Information". Save the updated application settings.
+    3. **Store Client Credentials**: Note down and securely store your client_id and client_secret from your CMS Sandbox application. These credentials will be used later.
+    4. **Authorize in Swagger UI**: Open this Swagger UI and click on the "Authorize" button.
+    5. **Authorize Access**: Within the prompt, input your client_id and client_secret, choose the scopes you want to use in your testing, and click "Authorize" to open a new tab where you will grant consent to your application from a sample beneficiary. In order to log in, you can use a sample beneficiary using the login instructions from [this link](https://sandbox.bluebutton.cms.gov/testclient/authorize-link-v2).
+    6. **Complete Consent**: Follow the prompts to complete the consent form.
+    7. **Return to Swagger UI**: After consenting, you will be redirected back to this Swagger UI.
+    8. **Explore APIs**: You can now start exploring and testing the APIs by providing the relevant parameters.
+
 paths:
   /.well-known/openid-configuration:
     get: