Issue 'Authorization: Bearer <token>' in a Swagger openAPI Annotations
Authorization has nothing to do with XSRF-TOKEN. I also had the same issue and solved it after several hours of googling. Here are the changes you might want to try:
Remove these lines:
* @OA\Parameter(
* name="Authorization",
* in="header",
* required=true,
* description="Bearer {access-token}",
* @OA\Schema(
* type="bearerAuth"
* )
* ),
And change this:
* @OA\SecurityScheme(
* securityScheme="bearerAuth",
* in="header",
* name="Authorization",
* type="http",
* scheme="Bearer",
* bearerFormat="JWT",
* ),
to
* @OA\SecurityScheme(
* securityScheme="bearerAuth",
* in="header",
* name="bearerAuth",
* type="http",
* scheme="bearer",
* bearerFormat="JWT",
* ),
Note that "Bearer" and "bearer" are different.
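An added example, not part of the original answer or of swagger-php: a small Python check over the generated OpenAPI 3 document that flags the two problems the answer fixes (an `Authorization` header declared as a parameter, which the OpenAPI 3 specification says is ignored, and an `http` scheme not written as lowercase `bearer`), plus a `security` entry that names an undefined scheme. The function name and both sample specs are constructed for illustration.

```python
# Constructed OpenAPI 3 documents mirroring the question's setup and the fix.
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "paths": {"/users": {"get": {
        "security": [{"bearerAuth": []}],
        "parameters": [{"name": "Authorization", "in": "header", "required": True}],
    }}},
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "Bearer", "bearerFormat": "JWT"},
    }},
}
FIXED_SPEC = {
    "openapi": "3.0.0",
    "paths": {"/users": {"get": {"security": [{"bearerAuth": []}]}}},
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
    }},
}
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def lint_bearer_auth(spec):
    """Return (location, message) findings for bearer-auth mistakes in a spec."""
    findings = []
    schemes = spec.get("components", {}).get("securitySchemes", {})
    for name, scheme in schemes.items():
        value = scheme.get("scheme", "")
        # The answer's observation: "Bearer" and "bearer" are not treated alike.
        if scheme.get("type") == "http" and value.lower() == "bearer" and value != "bearer":
            findings.append((f"securitySchemes.{name}", "scheme should be lowercase 'bearer'"))
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            where = f"{method.upper()} {path}"
            for param in op.get("parameters", []):
                # OpenAPI 3 ignores header parameters named Authorization.
                if param.get("in") == "header" and param.get("name", "").lower() == "authorization":
                    findings.append((where, "Authorization header parameter is ignored"))
            for requirement in op.get("security", []):
                for ref in requirement:
                    if ref not in schemes:
                        findings.append((where, f"undefined security scheme '{ref}'"))
    return findings


if __name__ == "__main__":
    for location, message in lint_bearer_auth(SAMPLE_SPEC):
        print(f"{location}: {message}")
```

Running this against the JSON that swagger-php generates, for example in CI, catches an endpoint that documents bearer auth but would be called without the header from Swagger UI.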
spezia
Updated on June 22, 2022
Comments
-
spezia almost 2 years
I use these packages (installed via composer)
"swagger-api/swagger-ui": "^3.0",
"zircote/swagger-php": "~2.0|3.*"
In my def controller I have these annotations
/**
 * @OA\Info(title="My API", version="0.1")
 * @OA\Schemes(format="http")
 * @OA\SecurityScheme(
 *     securityScheme="bearerAuth",
 *     in="header",
 *     name="Authorization",
 *     type="http",
 *     scheme="Bearer",
 *     bearerFormat="JWT",
 * ),
 * @OA\Tag(
 *     name="Auth",
 *     description="Auth endpoints",
 * )
 * @OA\Tag(
 *     name="Users",
 *     description="Users endpoints",
 * )
 */
class Controller extends BaseController
Then I have a method
/**
 *
 * @OA\Get(
 *     path="/users",
 *     operationId="getListOfUsers",
 *     tags={"Users"},
 *     description="Get list of users",
 *     security={{"bearerAuth":{}}},
 *     @OA\Parameter(
 *         name="Authorization",
 *         in="header",
 *         required=true,
 *         description="Bearer {access-token}",
 *         @OA\Schema(
 *             type="bearerAuth"
 *         )
 *     ),
 *     @OA\Response(
 *         response=200,
 *         description="Get list of users.",
 *         @OA\JsonContent(type="object",
 *             @OA\Property(property="message", type="string"),
 *             @OA\Property(property="data", type="array",
 *                 @OA\Items(type="object",
 *                     @OA\Property(property="id", type="integer"),
 *                     @OA\Property(property="name", type="string"),
 *                     @OA\Property(property="email", type="string"),
 *                 ),
 *             ),
 *         ),
 *     ),
 *     @OA\Response(response=401, description="Unauthorized"),
 *     @OA\Response(response=404, description="Not Found"),
 * )
 *
 * @return JsonResponse
 */
public function users()
So, when I try to test this route via Swagger UI, I am getting an error
401, "message": "Unauthenticated."
When I checked the headers (Firefox), I did not see
Authorization: Bearer {{access-token}}
but I have my token in
Cookie: XSRF-TOKEN=eyJpdiI6Ik5COUV5Y1ltRTM4eXNsRlpLY2ptTGc9PSIsInZhbHVlIjoiNDFCbG95c1RHSHRFT0IyWWZ4aWFRQVJ6RHhTS1A4SFJiQXp2amlQc3RCUFRUWWs5R3RQQ0ZlakdFNnlvRm50MSIsIm1hYyI6ImM...
Swagger UI does not send the header properly. What is wrong in the annotations? Thanks
-
Fadi over 3 years
How do you pass the token here?
-
Nghia Le over 3 years
You can pass the token via the UI.
-
Fadi over 3 years
Can we somehow set a default token?