authorization header didn't exist in requests #49
Comments
|
Hi, You should add the @securityrequirement tags to your protected APIs. @Operation(security = { @SecurityRequirement(name = "bearer-key") })And the security definition sample: @Bean
public OpenAPI customOpenAPI() {
return new OpenAPI().components(new Components().addSecuritySchemes("bearer-key",
new SecurityScheme().type(SecurityScheme.Type.HTTP).scheme("bearer").bearerFormat("JWT")));
} |
|
Extending the question. What if the authentication method applies to all the APIs? Is there a way to say that the scheme applies to all the APIs? |
|
I'm running into this exact issue, and even adding the "SecurityRequirement" and "SecurityScheme" above, it's not sending the "authorization" field in the header. Does anyone have the full code definition for this? This is what I'm using, very straightforward, on my operation (after declaring the Security Schemes in "customOpenAPI" @operation( |
|
Hi, @MugdhaB use addSecurityItem method of global OpenAPI config bean to set SecurityRequirement globally |
I've run into the same issue, do you maybe found the solution already? |
|
The behaviour you are describing is not related to springdoc-openapi. But to swagger-ui: The OpenAPI 3 specification does not allow explicitly adding Authorization header. For more information, please read:
https://swagger.io/docs/specification/describing-parameters/#header-parameters. |
|
Hi @bnasslahsen, Thanks for your reply! However, in the created api-docs, it still contains the Authorization as header parameters, also shown on the swagger ui. Any idea what is causing this? |
|
You can hide it using @Operation(summary = "User logout - remove JWT from whitelist",security = { @SecurityRequirement(name = "bearer-key") })
public String logout(@Parameter(hidden = true) @RequestHeader(name = "Authorization") String authorization) {...}If it makes sense, we might ignore Authorization as header parameters from the generated api-docs by default, on springdoc-openapi. |
I see, thanks! |
shit. Copy the token every time for try? |
Hi,
I tried to add the bearer token to all my swagger's UI requests in the next way:
@Bean public OpenAPI customOpenAPI() { return new OpenAPI().components(new Components() .addSecuritySchemes("BEARER KEY", new SecurityScheme().type(SecurityScheme.Type.HTTP) .scheme("bearer").in(SecurityScheme.In.HEADER))); }Then after my application started I pass the bearer token into an authentication form with swagger UI:
Actual result:
Bearer token didn't exist in the request.
Expected result:
Bearer token exists in the request.
Could you please clarify, what I'm doing wrong?
Thank you!
The text was updated successfully, but these errors were encountered: