Swagger UI passing authentication token to API call in header
Solution 1
@ApiImplicitParams and @ApiImplicitParam should do the trick:
@GET
@Produces("application/json")
@ApiImplicitParams({
@ApiImplicitParam(name = "Authorization", value = "Authorization token",
required = true, dataType = "string", paramType = "header") })
public String getUser(@PathParam("username") String userName) {
...
}
From the documentation:
You may wish you describe operation parameters manually. This can be for various reasons, for example:
- Using Servlets which don't use JAX-RS annotations.
- Wanting to hide a parameter as it is defined and override it with a completely different definition.
- Describe a parameter that is used by a filter or another resource prior to reaching the JAX-RS implementation.
The Swagger UI will be updated so you can send your token from there. No changes to HTML will be necessary.
Note: A while ago, when documenting a REST API with Swagger, I realized that just adding @ApiImplicitParam is not enough (even if you have only one parameter). Anyway, you must add @ApiImplicitParams too.
Solution 2
My configuration for 2.9.2 Swagger version to add Authorization on Swagger UI and send the Bearer token
@Configuration
public class SwaggerConfiguration{
//...
@Bean
public Docket api(ServletContext servletContext) {
return new Docket(DocumentationType.SWAGGER_2)...
.securitySchemes(Arrays.asList(apiKey()))
.securityContexts(Collections.singletonList(securityContext()));
}
private SecurityContext securityContext() {
return SecurityContext.builder().securityReferences(defaultAuth()).forPaths(PathSelectors.regex("/.*")).build();
}
private List<SecurityReference> defaultAuth() {
final AuthorizationScope authorizationScope = new AuthorizationScope("global", "accessEverything");
final AuthorizationScope[] authorizationScopes = new AuthorizationScope[]{authorizationScope};
return Collections.singletonList(new SecurityReference("Bearer", authorizationScopes));
}
private ApiKey apiKey() {
return new ApiKey("Bearer", "Authorization", "header");
}
}
Solution 3
Another option is to add globalOperationParameters. It will add a field for authorization in every endpoint.
Define authorization header parameter:
Parameter authHeader = new ParameterBuilder()
.parameterType("header")
.name("Authorization")
.modelRef(new ModelRef("string"))
.build();
Add it to Docket configuration:
return new Docket(DocumentationType.SWAGGER_2)
.select()
.apis(...)
.paths(...)
.build()
.apiInfo(...)
.globalOperationParameters(Collections.singletonList(authHeader));
And it will look like this:
Solution 4
There is a hack that might work by using responseInterceptor and requestInterceptor
First capture response of the the first API call using responseInterceptor and save the token (in the example in local storage), then use requestInterceptor to add the Authorization header with the saved token.
const ui = SwaggerUIBundle({
...
responseInterceptor:
function (response) {
if (response.obj.access_token) {
console.log(response.obj.access_token)
const token = response.obj.access_token;
localStorage.setItem("token", token)
}
return response;
},
requestInterceptor:
function (request) {
console.log('[Swagger] intercept try-it-out request');
request.headers.Authorization = "Bearer " + localStorage.getItem("token");
return request;
}
}
Solution 5
This is an old question but this is how I solved it recently with version 2.7.0 for my JWT tokens
In your swagger configuration, add below SecurityConfiguration bean. Important part being leaving fifth argument empty or null.
@Bean
public SecurityConfiguration securityInfo() {
return new SecurityConfiguration(null, null, null, null, "", ApiKeyVehicle.HEADER,"Authorization","");
}
Add securitySchemes(Lists.newArrayList(apiKey())) to your main Docket bean.
@Bean
public Docket docket()
{
return new Docket(DocumentationType.SWAGGER_2).select()
.....build().apiInfo(...).securitySchemes(Lists.newArrayList(apiKey()));
}
private ApiKey apiKey() {
return new ApiKey("Authorization", "Authorization", "header");
}
Then in UI , you need to click on Authorize button and input "Bearer access_token" (for Authorization text box )where access_token is token provided by jWT token server.
Once this authorization is saved,that will become effective for all end points. Adding a separate text field for each end point looks very cumbersome.
Java P
Updated on August 12, 2020Comments
-
Java P almost 4 years
I am new to Swagger.
I am using Swagger UI to generate swagger documentation. I have two API calls. First call is to generate token based on user name and password. Second call needs token generated by first call.
How I set that token for second call using Swagger UI?
-
Java P over 8 yearsWill try and let you know
-
-
Irfan Nasim almost 7 yearshow to get token from POST /oauth/token by adding parameters like username, password and grant type? because in swagger UI only parametters node is listed how to add custom parametters there? -
Vikas Prasad almost 6 yearsIs this specific to Spring project? -
Sabir Khan almost 6 yearsYes,Beanis a Spring concept . Automatic configuration pick up is for Spring Boot. If you have Java config then caller to that config can be non - Spring framework but in this case, it is intended for Spring. -
iaL about 4 years@SabirKhan How do I implement it without spring-fox? I'm using springdoc-openapi-ui (1.3.2). But still facing same issue. My spring boot version is 2.2.6. Hence needed to remove spring-fox.
-
Sabir Khan about 4 years@iaL:I am not sure ,will try to find & let you know if find anything useful.
