Core: Default value option on Swagger api keys
My current project API need this header to authenticate:
Authorization: Bearer your_api_token
So I add this configuration for Swagger:
api_platform:
swagger:
api_keys:
-
name: Authorization
type: header
It works. But the customer always have to add Bearer on the form content.
It would be great to have a default_value option on each api_keys element.
soullivaneuh
All 4 comments
I'm not sure if I understand correctly but I'll give a go at responding. If you mean that in the swagger docs a user has to add the Bearer on the form content then that can be done once when the page loads with a little 'Authorize' button that will appear in the docs.
If you mean that you'd like to set a default authorization header so a user doesn't have to do this, would this not make the API insecure because you'd be exposing an API key to the public?
silverbackdan
on 30 Oct 2018
No I don't want to avoid the usage of the Authorize button, I just want the form content to have Bearer on the input, so the use just have to copy the key. :-)
soullivaneuh
on 31 Oct 2018
Oh I see, API Platform just creates a swagger config. It looks as though this isn't something that package is looking to support - see https://github.com/OAI/OpenAPI-Specification/issues/583
Mainly due to the potential security issues. Perhaps you could write a kernel listener, check if Bearer is in the authorization header already and if not, prepend it?
silverbackdan
on 31 Oct 2018
In that case, I could simply remove the Bearer prefix. :-)
soullivaneuh
on 31 Oct 2018
Related issues
silverbackdan
路
3Comments
mahmoodbazdar
路
3Comments
vViktorPL
路
3Comments
DenisVorobyov
路
3Comments
rockyweng
路
3Comments
Most helpful comment
No I don't want to avoid the usage of the Authorize button, I just want the form content to have
Beareron the input, so the use just have to copy the key. :-)