Grpc-gateway: Authorization headers aren't specified in Swagger.json

Created on 30 Jan 2017  路  3Comments  路  Source: grpc-ecosystem/grpc-gateway

Currently we're using the swagger generated by grpc-gateway to generate client sdk's. And it works splendidly until we add authorization to the mix. Since the outputted swagger doesn't contain information regarding headers or authorization, neither does the outputted SDK's.

That means they're essentially useless (at least it is in typescript), since the headers can't be added globally.

A example of what's needed in swagger can be found here:
http://stackoverflow.com/questions/32910065/how-can-i-represent-authorization-bearer-token-in-a-swagger-spec-swagger-j

I'm new to grpc-gateway, so I might be missing something obvious.

Most helpful comment

It can be done using openapiv2_swagger option (ref)

option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
    security_definitions: {
        security: {
            key: "BasicAuth";
            value: {
                type: TYPE_BASIC;
            }
        }
    }
}

Then add security header reqs in all services wherever needed (ref)

option (grpc.gateway.protoc_gen_swagger.options.openapiv2_operation) = {
    security: {
        security_requirement: {
            key: "ApiKeyAuth";
            value: {}
        }
};

Don't forget to import "protoc-gen-swagger/options/annotations.proto";

All 3 comments

I think several folks post-process the generated swagger docs and merge in overrides. That said contributions in the form of allowing greater control of openapi output are welcomed.

As an example, I merge together multiple services as:

   cat *.swagger.json | jq --slurp 'reduce .[] as $$item ({}; . * $$item)' > apis.json

but with a lexigraphically-last file with overrides (zlast.swagger.json)

Thanks Travis!
That was exactly what we ended up doing.
If we can't generalize it, we'll try to get something added back to this repo.
If this works out for us, I imagine us using this on a lot of projects going forward.

It can be done using openapiv2_swagger option (ref)

option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
    security_definitions: {
        security: {
            key: "BasicAuth";
            value: {
                type: TYPE_BASIC;
            }
        }
    }
}

Then add security header reqs in all services wherever needed (ref)

option (grpc.gateway.protoc_gen_swagger.options.openapiv2_operation) = {
    security: {
        security_requirement: {
            key: "ApiKeyAuth";
            value: {}
        }
};

Don't forget to import "protoc-gen-swagger/options/annotations.proto";

Was this page helpful?
0 / 5 - 0 ratings

Related issues

yearm picture yearm  路  3Comments

fifthaxe picture fifthaxe  路  5Comments

mossila picture mossila  路  4Comments

pzsfeng picture pzsfeng  路  5Comments

stevenroose picture stevenroose  路  3Comments