OpenAPI 3 Cookie Authentication Support #649
Comments
Merged! Will be available in the next minor release :)
Is cookie authentication fully functional in Nest? According to https://swagger.io/docs/specification/authentication/cookie-authentication/, cookie authentication for "try it out" is not supported. Is this the same case for Nest?
I have tested it. It is not fully functional. Same reason as swagger-api/swagger-editor#1951
As an alternative solution relying on

```typescript
const customOptions: SwaggerCustomOptions = {
  swaggerOptions: {
    // Swagger UI sends cookies with its "try it out" requests
    withCredentials: true,
  },
};
SwaggerModule.setup('api', app, document, customOptions);
```

As a reference: https://swagger.io/docs/open-source-tools/swagger-ui/usage/configuration/#withCredentials

So each time I make a request to /app/auth/login or /app/auth/register, an http-only same-site cookie is stored by the browser and then it will be appended to each following request (so this approach avoids setting the authorization Swagger UI field)

```typescript
@Post('login')
@HttpCode(200)
async login(
  @Body(AppValidationPipe) loginDto: LoginDto,
  // passthrough keeps Nest in charge of sending the response once the cookie is set;
  // with a bare @Res() the handler would have to send the response itself
  @Res({ passthrough: true }) response: Response,
) {
  const loggedUser = await this.authService.login(loginDto);
  // Store the access token in a cookie that page scripts cannot read
  response.cookie('accessToken', loggedUser.accessToken, {
    expires: addMinutes(new Date(), loggedUser.accessTokenExpiration),
    httpOnly: true,
    sameSite: 'strict',
  });
}
```

After that

```typescript
async canActivate(context: ExecutionContext) {
  const request: RequestWithUser = context.switchToHttp().getRequest();
  // request.cookies is populated by cookie-parsing middleware
  const fullInputToken: string | undefined = request.cookies['accessToken'];
  if (!fullInputToken) throw new Unauthorized('Token not provided');
  const tokenWithoutPrefix = fullInputToken.replace('Bearer ', '');
  // ...validation of tokenWithoutPrefix is not shown in this snippet
}
```
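
The cookie lookup that the guard in the comment above performs, written as an added, dependency-free example (not code from the commenter or from @nestjs/swagger). The cookie name and the `Bearer ` prefix follow that comment; the function names and the sample headers are constructed for illustration.

```typescript
// Added example: the cookie name and "Bearer " prefix follow the comment
// above; the function names and sample headers are hypothetical/constructed.
const COOKIE_NAME = 'accessToken';
const BEARER_PREFIX = 'Bearer ';

// Parse a raw Cookie request header into name/value pairs.
// The first occurrence of a name wins, so a later duplicate cannot override it.
function parseCookieHeader(header: string | undefined): Record<string, string> {
  const jar: Record<string, string> = Object.create(null);
  if (!header) return jar;
  for (const part of header.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue; // skip malformed pairs without "="
    const key = part.slice(0, eq).trim();
    if (!key || key in jar) continue;
    const value = part.slice(eq + 1).trim();
    try {
      jar[key] = decodeURIComponent(value); // Express URL-encodes cookie values
    } catch (_err) {
      jar[key] = value; // keep the raw value if it is not valid percent-encoding
    }
  }
  return jar;
}

// Return the bare token, or null when the cookie is absent or empty.
// The prefix is stripped only at the start of the value, unlike
// String.replace('Bearer ', ''), which removes the first match anywhere.
function extractAccessToken(header: string | undefined): string | null {
  const raw = parseCookieHeader(header)[COOKIE_NAME];
  if (!raw) return null;
  const token = raw.indexOf(BEARER_PREFIX) === 0 ? raw.slice(BEARER_PREFIX.length) : raw;
  return token.length > 0 ? token : null;
}

// Constructed sample Cookie headers (not taken from a real session).
const SAMPLE_HEADERS = {
  encoded: 'theme=dark; accessToken=Bearer%20abc.def.ghi',
  bare: 'accessToken=abc.def.ghi',
  duplicate: 'accessToken=first.token; accessToken=second.token',
  missing: 'theme=dark',
  prefixOnly: 'accessToken=Bearer%20',
};
```

A guard would reject the request when `extractAccessToken` returns `null` and would still have to verify the returned token before trusting it.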
Feature Request (PR #650 + docs PR)
OpenAPI 3 supports Cookie Authentication. The `@nestjs/swagger` module currently only supports that through the `@ApiSecurity()` decorator.
Cookie authentication support could be improved by having an API similar to other existing authentication mechanisms: