Swagger-ui: Basic authentication header not send through "Try it out" operation

Created on 6 Apr 2016  路  9Comments  路  Source: swagger-api/swagger-ui

Hi,

I was trying to use Basic Authentication in Swagger-UI, using the latest master version.

The Authorize button works fine : it shows me a form for basic authentication to set username and password.

However, when I try API endpoints with the "Try it out" button, it doesn't send the corresponding Authorization HTTP header. Am I doing anything wrong? My spec seems ok as far as I can tell.

{
    "swagger": "2.0",
    "info": {
        "title": "API",
        "description": "Internal API",
        "version": "1.0"
    },
    "host": "localhost",
    "basePath": "/",
    "schemes": [
        "http"
    ],
    "produces": [
        "application/json; versions=1"
    ],
    "paths": {
        "/account": {
            "get": {
                "tags": [
                    "account"
                ],
                "summary": "Get the current user account information",
                "responses": {
                    "200": {
                        "description": "User info"
                    }
                },
                "security": [
                    {
                        "login": []
                    }
                ]
            }
        }
    },
    "definitions": {},
    "securityDefinitions": {
        "login": {
            "type": "basic",
            "description": "Basic authentication"
        }
    }
}

Please let me know if you need any more details!

picture gabriel-detassigny

Most helpful comment

I have the same problem when using the latest master version. Clicking the "Try it out!" button doesn't send the Authorization header that was set using the form.

picture FlaxHaxx on 4 Jun 2016
👍4

All 9 comments

Security definitions declare "what" security exists. It doesn't say "where" to apply them. Add a "security" attribute with the name of the scheme (login in your case) on the operations which require it.

fehguy picture fehguy on 6 Apr 2016

There is already a security attribute, if you look at the /account endpoint: 

"security": [
      {
           "login": []
      }
gabriel-detassigny picture gabriel-detassigny on 6 Apr 2016

@fehguy - I've asked @gabriel-detassigny to open this ticket coming from another one. Tested it and it indeed doesn't work.

webron picture webron on 6 Apr 2016

I have the same problem when using the latest master version. Clicking the "Try it out!" button doesn't send the Authorization header that was set using the form.

FlaxHaxx picture FlaxHaxx on 4 Jun 2016
👍4

OK I've reproduced this. Looks like the security is named basic instead of login when authorizing. I'll send a PR and update this issue.

fehguy picture fehguy on 4 Jun 2016

i have same problem when using swagger ui 3.0.18. Clicking the "Excute" button doesn't send the Authorization header that was set using the form.

sontrananh picture sontrananh on 13 Jul 2017

I'm experiencing this same problem in v3.1.7. @sontrananh, were you able to find a workaround?

toddsingleton picture toddsingleton on 4 Sep 2017

Commenting on a closed ticket that was opened on an entirely different version of the project - isn't going to help. If you have an issue, please open a new ticket.

webron picture webron on 5 Sep 2017

@toddsingleton: i had that problem because i deploy swagger in a server but i deploy service in another server with different ip. And i disable csrf check of browers to fix it

sontrananh picture sontrananh on 6 Sep 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

MartinMuzatko picture MartinMuzatko  路  4Comments
fehguy picture fehguy  路  3Comments
ankon picture ankon  路  4Comments
zilongl picture zilongl  路  3Comments
sgyang picture sgyang  路  4Comments