Skip to content

Unable to generate header in api call when using @RequestHeader #425

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Andrew3431 opened this issue Feb 14, 2020 · 4 comments
Closed

Unable to generate header in api call when using @RequestHeader #425

Andrew3431 opened this issue Feb 14, 2020 · 4 comments

Comments

@Andrew3431
Copy link

I need to allow the user to enter the bearer token in the parameter section which will be sent in header when the call is made

@Operation(summary = "userdata")
    @ApiResponses(value = {@ApiResponse(responseCode = "200", description = "ok " )})
    @RequestMapping(method = RequestMethod.GET, produces = APPLICATION_JSON_VALUE)
    @ResponseBody
    public Map<String, Object> getUserData(
            @Parameter(description = "Access token in Bearer format")
            @RequestHeader("Authorization") String authHeader)

json value is

"parameters": [
          {
            "name": "Authorization",
            "in": "header",
            "description": "Access token in Bearer format i.e. 'Bearer X' where X is  access token",
            "required": true,
            "schema": {
              "type": "string"
            }
        }
]

The access token value entered in Parameter , is not getting sent to Header as "Authorization". The curl command created by swagger is curl -X GET "http://localhost:8080/openid/userdata" -H "accept: application/json"

I want the curl command to generated as curl -X GET "http://localhost:8080/oidc/userinfo" -H "Authorization: Bearer XXX" "accept: application/json" where Bearer XXX is the value entered in Parameter. Is it possible to achieve this without sending the access token via security requirement ?
@bnasslahsen
Copy link
Collaborator

bnasslahsen commented Feb 15, 2020
edited
Loading

Hi @Andrew3431,

Your question is already answered here:

Use @securityrequirement and respect the OpenAPI specification syntax, and it should work.

Next time, please have a look at our contribution guide, on the following section: Using GitHub Issues. Because this kind of questions should go to stackoverflow:

We use GitHub issues to track bugs and enhancements. If you have a general usage question please ask on Stack Overflow.
The springdoc-openapi team and the broader community monitor the springdoc tag.

@Andrew3431
Copy link
Author

Andrew3431 commented Feb 18, 2020
edited
Loading

@bnasslahsen I am able to pass the authorization header value through the Authorize button on the top right corner of the swagger UI (I use that for all my other apis which I need to be protected with a security header). My question was, is there a way to send authorization header through the @Parameter tag. I have tried with defining a security requirement through cutomOpenAPI and then adding a @SecurityRequirement to operation. Please find the below screenshot
image

The header value does get passed through if sent using the Authorize button but not when sent in @parameter tag.
The same question was asked in one of the comments in #49. Questions about these are not getting any replies in stack overflow. Thats why I am posting it over here.

@bnasslahsen
Copy link
Collaborator

@Andrew3431,

The behaviour you are describing is not related to springdoc-openapi. But to swagger-ui:

The specification does not allow explicitly adding Authorization header. For more information, please read:

@Andrew3431
Copy link
Author

Thank you @bnasslahsen

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bnasslahsen @Andrew3431