Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authorization for the inital fetching of swagger spec file #1503

Closed
gmarziou opened this issue Jul 30, 2015 · 7 comments
Closed

Authorization for the inital fetching of swagger spec file #1503

gmarziou opened this issue Jul 30, 2015 · 7 comments

Comments

@gmarziou
Copy link

Hello,

I'm using 2.1.1, I have the same problem as reported and fixed in swagger-api/swagger-js#445 which is that our swagger spec file is not publicly accessible, you have to be authenticated and so the request to get the spec file must have an X-auth-token HTTP header.

i tried to do the same way as addApiKeyAuthorization() in index.html but it can't work because window.swaggerUi.api is not yet defined, it gets defined after window.swaggerUi.load(); which loads the spec file.

So, is there a way to add authorizations before the spec gets loaded?

Thanks

@tcompiegne
Copy link

tcompiegne commented Sep 10, 2015

Same question here, is it possible to add field "headers" to the SwaggerUi object, something like that

  window.swaggerUi = new SwaggerUi({
        url: url,
        headers: {
           Authorization : Basic .....,
           .....
       },
        dom_id: "swagger-ui-container",
        supportedSubmitMethods: ['get', 'post', 'put', 'delete', 'patch'],
        onComplete: function(swaggerApi, swaggerUi){
        .....
}

Thanks

@we-zhang
Copy link

Has the same question.

From the documentation here https://github.com/swagger-api/swagger-ui, looks like we can use "authorizations" option to fetch the swagger spec, original quoting as:

authorizations
An authorization object to be passed to swagger-js. Setting it here will trigger inclusion of any authorization or custom signing logic when fetching the swagger description file. Note the object structure should be { key: AuthorizationObject }

But what is the right JSON structure for {key : AuthorizationObject}, tried a few times without lucky.

@fehguy
Copy link
Contributor

fehguy commented May 17, 2016

you cannot add headers directly when initializing the swaggerUi. You should be using this syntax:

      window.swaggerUi = new SwaggerUi({
        url: url,
        dom_id: "swagger-ui-container",
        authorizations: {
          fun: new SwaggerClient.ApiKeyAuthorization("api_key", 'abcdefg', "header")
        },

This will apply the api_key header when loading the spec.

@we-zhang
Copy link

we-zhang commented May 18, 2016

@fehguy Thanks, and this is working well.

But this setting is not only for loading swagger doc, it also applies to the real API calls.

It would be better if has separate setting for loading swagger and API calls since sometimes the the authorization of API calls is different from loading swagger spec.

@fehguy
Copy link
Contributor

fehguy commented May 18, 2016

Define a security requirement on your API then. If there is none, then any authorization will apply. If there is a security requirement defined, and the name is different from the one you use to fetch the spec, it won't be used.

@dinvlad
Copy link

dinvlad commented Mar 31, 2017

Could you comment how to achieve that in version 3 of the UI? Thanks

@webron
Copy link
Contributor

webron commented Jun 9, 2017

Please follow #2793.

@webron webron closed this as completed Jun 9, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

6 participants