Drf-yasg: Problem with authorization I can't get endpoints with permissions.

Created on 28 May 2018  路  13Comments  路  Source: axnsan12/drf-yasg

Hello, Im having two issues , I'm trying to reproduce the reload page that django rest swagger does when I authorize with a security definition: type: "apiKey", name: "Authorization", in:"header" in settings. But in drf-yash I couldnt get that refresh so I can't get the endpoints that have some permissions based on authorization token.

is this an expected behaviur or i am doing something wrong? and if so how can I get the reload behaviur so I can get the endpoint that has permissions based on token

waiting for upstream fix

Most helpful comment

In that case I would say it's best to defer this to the swagger-ui folks.

In the meantime, logging in via Django session authentication should achieve your desired result, as swagger-ui cannot prevent cookies from going with the schema fetch.

All 13 comments

I believe this was a feature of the old swagger UI. At least, I can confirm, that this was possible in https://github.com/marcgibbons/django-rest-swagger and it's using swagger UI version 2. Apart from that, I would like to have this feature "back", too. Currently, I am looking into customizing the web UI (see https://drf-yasg.readthedocs.io/en/stable/custom_ui.html), but that seems hard and hacky. Another temporary solution I imagine is to include django-rest-swagger and just point its UI to yasg's schema endpoint.

Apart from that, you might be able to get what you want by calling get_schema_view with public=True. I still would like to restore the old behavior, because that enables to get serializers based on the authenticated user (we have very different profile types and as a result differing representations of our resources).

I was never aware of such a feature. I guess that would require re-fetching the schema document with the new authentication credentials, but I don't know if/how that's supported by swagger-ui.

I'll try and have a look.

In that case I would say it's best to defer this to the swagger-ui folks.

In the meantime, logging in via Django session authentication should achieve your desired result, as swagger-ui cannot prevent cookies from going with the schema fetch.

in the meantime would you be welcoming a PR to introduce block statements for the swagger ui template similar to https://github.com/marcgibbons/django-rest-swagger/blob/master/rest_framework_swagger/templates/rest_framework_swagger/index.html?

@tuky sure, that would be awesome!

This is implemented via a hack in 1.11.0, together with other auth-related functionality.

Does not work in drf-yasg==1.12.1. Still facing the same issue.

Following are my settings.

SWAGGER_SETTINGS = {
    'SECURITY_DEFINITIONS': {
        'api_key': {
            'type': 'apiKey',
            'name': 'HTTP_AUTHORIZATION',
            'in': 'header'
        }
    }
}

Neither works on 1.11.0

It works on drf-swagger. Checked.

You have to enable the related settings.

It works on drf-swagger. Checked.

I don't understand what that means.

You have to enable the related settings.

I had the same issue using token auth, and with this settings i can solve.

SWAGGER_SETTINGS = {
    'SECURITY_DEFINITIONS': {
        'api_key': {
            'type': 'apiKey',
            'in': 'header',
            'name': 'Authorization'
        }
    },
    'REFETCH_SCHEMA_WITH_AUTH': True,
}

drf-yasg 1.17.0
Thank you!

Was this page helpful?
0 / 5 - 0 ratings

Related issues

jaumard picture jaumard  路  5Comments

phihag picture phihag  路  5Comments

nicholasgcoles picture nicholasgcoles  路  4Comments

beaugunderson picture beaugunderson  路  5Comments

Amoki picture Amoki  路  4Comments