Swagger-core: Requirement: hidden password for APiParam

Good idea. In the JSON Schema we could do something like this:

{
   "type": "string",
   "format": "password"
}

We just need to add some logic to the annotations to pick up the format hint. I'll keep this open as a feature.

Hi, since we now have a separate repo for the spec, do you mind opening a ticket there to add a password format for string types?

This is now supported in both the core and javascript libraries for develop_2.0

in the APIParam annotation, should we use dataType="password"?

good question, i'll reopen this as a reminder to document. dataType _must_ be a fully-qualified class, so I'm certain that password is not correct.

Hello, any update on this one ? thx

I need to integrate something like this in swagger, i.e Masking the password fields in swagger-ui.

My code looks like this, And the question being what should be added here to mask the "name" field?

@fehguy how can i now use this hidden password in my Java APIs ?

see #2087

So #2087 is different from this issue. To use password as a _parameter_ type, you can simply override the format like this:

@ApiParam(value = "your password", type = "string", format = "password") @QueryParam(/* normal stuff */)

@fehguy is it okay if i update only swagger-annotations JAR? because seems that lots of changed in core, jaxrs & modules since 1.5.3. Do i also need to update swagger UI ? thx

You cannot just update the annotations--need to do all the swagger-core, swagger-jaxrs, swagger-models. Swagger-ui may work, depending on your version.

@fehguy We cannot update swagger, because lots of changes were made since 1.5.3, and our multiple swagger instance approach is not working anymore.

@to-kra: considering that version has a critical bug that produces invalid specs, I'd recommend you find a way to make the upgrade. If there are other issues relating to multiple instances (which should have been solved already), please raise them in separate tickets.

@to-kra TBH the mechanism for multiple swaggers is now formalized, previously it was a hack that shouldn't have worked :)

Hi i am facing same issue, is this fixed?
Or is there a way to select between kay / value formdata with hidden password field and json body?
(Is formdata even possible with OpenApi 3.0 and RequestBody?)

I was able to use password characters with the following annotation:

// @param secret query string false "user password" format(password)

The annotation is processed using https://github.com/swaggo/swag.

can we hide password field in swagger: 2.0?

How to add below lines in the json file using swagger annotation ? which annotation should be used ?

{
"type": "string",
"format": "password"
}

I am not able to get proper answer till now...is only by manual way we can achieved this ?

For java people who arrive here:
If using using DTOs, annotate your model field with io.swagger.v3.oas.annotations.media.Schema; as in:

  public class DtoUserCredentials {

      @NotBlank
      private String username;
      @NotBlank
      @Schema(format = "password")
      private String password;

  }

I didn't try but it should be possible to achieve the same using @Schema(type = "string", format = "password") inside of a @Parameter annotation at the path operation method.

It generates:

Maven dependency:

  <dependency>
      <groupId>org.springdoc</groupId>
      <artifactId>springdoc-openapi-ui</artifactId>
      <version>1.5.6</version>
  </dependency>