Nelmioapidocbundle: Sandbox : How to tell that a route needs authentication

Created on 6 Jan 2017 · 11 Comments · Source: nelmio/NelmioApiDocBundle

Hi,

Here is my config.yml :

    nelmio_api_doc:
        sandbox:
            authentication:
                name: Authorization
                delivery: header
                type: bearer
                custom_endpoint: false
            accept_type: application/json
            body_format:
                formats: [ json ]
                default_format: json
            request_format:
                formats:
                    json: application/json
                method: accept_header
                default_format: json

Here is an example annotation :

    /**
     * Get currently logged in profile
     *
     * @Get("/me")
     *
     * @ApiDoc(
     *   description="Get currently logged in profile",
     *   section="/profile",
     *   resource=true,
     *   headers={
     *     { "name"="Authorization", "description"="Bearer JWT token", "required"=true }
     *   },
     *   statusCodes={
     *     200="Profile found",
     *     401="Invalid JWT authentication"
     *   }
     * )
     *
     * @param UserInterface|User $user
     */
    public function getMyProfileAction(UserInterface $user)
    {
        // ...
    }

I set my api key in NelmioApiDoc's top bar.

Now when I click on "Try It !" for the corresponding route, the Authorization header is not sent :

[Screenshot: api documentation]

And my question is : why ?

Thanks in advance

All 11 comments

It seems to me that you're overriding it in the sandbox. Can you try removing the Authorization header in the sandbox of the route you're trying to access?

Tried it already. No luck 😢

Then maybe try removing the Authorization header in your annotation?

Tried it too..

Is this an issue then ?

@Yonn-Trimoreau I can't tell. When I needed a bearer header, I had to put the prefix alongside the token (e.g. Bearer myToken). Did you try it?

Yes. It works. But I expect not having to retype my Authorization header each time I use the sandbox. And that's actually a functionality of NelmioApiDocBundle, right ?

Looking at the code, it seems to be supported so it must be a bug.
I'm currently working on 3.0 and I don't have the time to investigate this; if someone is willing to make a PR, feel free to do it :)

I will do this if I have time, but it may be a long time. I'm running out of time for the moment. If someone is willing to do it before I do, I'd appreciate it. And I will give him a cookie. <3

@Yonn-Trimoreau

You need to specify delivery to "http":

    nelmio_api_doc:
        sandbox:
            authentication:
                name:           Authorization
                delivery:       http
                type:           bearer

And remove the apidoc "headers" from your method; replace it with "authentication=true".

e.g. :

    /**
     * @ApiDoc(
     *     section="Users",
     *     description="Get a single user",
     *     authentication=true,
     *     output={
     *         "class"=User::class,
     *         "parsers"={
     *             "Nelmio\ApiDocBundle\Parser\JmsMetadataParser"
     *         }
     *     },
     *     requirements={
     *         {
     *             "name"="id",
     *             "dataType"="integer",
     *             "requirement"="\d+",
     *             "description"="The ID of the user"
     *         }
     *     },
     *     statusCodes={
     *         200="Returned when successful",
     *         404={
     *             "Returned when the user is not found",
     *             "Returned when something else is not found"
     *         }
     *     }
     * )
     */
    public function getAction($id)
    {}

After calling your URL to retrieve your token, you must paste it into the top "api key" field. Then, you can call your other URLs requiring authentication.

@quentin-berlemont Your solution works like a charm for me.
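
A check for the three outcomes seen in this thread (no Authorization header sent, a token sent without the `Bearer` prefix, a correct Bearer header), as an added example that is not part of the original thread or of NelmioApiDocBundle. It takes the request headers as a plain object, for instance copied from the browser's network tab after clicking "Try It !"; the function names and the sample token are constructed for illustration.

```javascript
// Added example: classify the Authorization header of a captured request.
// RFC 6750 grammar: credentials = "Bearer" 1*SP b64token
const B64TOKEN = /^[A-Za-z0-9\-._~+\/]+=*$/;
// Three non-empty base64url segments: header.payload.signature
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// HTTP header names are case-insensitive, so match the name without regard to case.
function findHeader(headers, name) {
  const wanted = name.toLowerCase();
  for (const [key, value] of Object.entries(headers)) {
    if (key.toLowerCase() === wanted) return value;
  }
  return undefined;
}

function classifyAuthorization(headers) {
  const raw = findHeader(headers, 'Authorization');
  if (raw === undefined || raw.trim() === '') return 'missing';
  const parts = raw.trim().split(/ +/);
  if (parts.length === 1) return 'no-scheme';   // raw token, no "Bearer " prefix
  if (parts.length > 2) return 'malformed';     // stray spaces inside the token
  const [scheme, token] = parts;
  if (scheme.toLowerCase() !== 'bearer') return 'wrong-scheme';
  if (!B64TOKEN.test(token)) return 'malformed';
  // Structural check only: the signature is NOT verified here.
  return JWT_SHAPE.test(token) ? 'bearer-jwt' : 'bearer-opaque';
}

// Constructed sample token (not a real credential).
const SAMPLE_JWT = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl';

// Constructed header sets mirroring the situations described in the thread.
const samples = {
  headerNotSent: { Accept: 'application/json' },
  rawTokenOnly: { Authorization: SAMPLE_JWT },
  bearerPrefixed: { Authorization: 'Bearer ' + SAMPLE_JWT },
};

for (const [label, headers] of Object.entries(samples)) {
  console.log(label, '->', classifyAuthorization(headers));
}
```

A `missing` or `no-scheme` result points at the sandbox configuration rather than at the token itself.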
