Swagger-ui: Basic authentication header not sent through "Execute" operation

Created on 13 Jul 2017 · 9 Comments · Source: swagger-api/swagger-ui

Hi,

I was trying to use Basic Authentication in Swagger-UI, using version v3.0.18.

The Authorize button works fine: it shows me a form for basic authentication to set username and password.

However, when I try API endpoints with the "Execute" button, it doesn't send the corresponding Authorization HTTP header. Am I doing anything wrong? My spec seems ok as far as I can tell.

{
  "swagger": "2.0",
  "info": {
    "description": "Rest API",
    "version": "1.0.0",
    "title": "Rest API"
  },
  "host": "10.15.24.158:9080",
  "basePath": "/cb",
  "tags": [
    {
      "name": "config",
      "description": "Everything about your Pets"
    },
    {
      "name": "store"
    }
  ],
  "schemes": [
    "http"
  ],
  "paths": {
    "/config/api/city/search": {
      "post": {
        "tags": [
          "config"
        ],
        "consumes": [
          "application/json"
        ],
        "produces": [
          "application/json"
        ],
        "parameters": [
          {
            "in": "body",
            "name": "body",
            "description": "city",
            "required": true,
            "schema": {
              "$ref": "#/definitions/Pet"
            }
          }
        ],
        "security": [
          {
            "basicAuth": []
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "examples": {
              "application/json": {
                "id": 3
              }
            }
          }
        }
      }
    },
    "/config/api/city/detail/{cityId}": {
      "get": {
        "tags": [
          "config"
        ],
        "produces": [
          "application/json"
        ],
        "parameters": [
          {
            "name": "cityId",
            "in": "path",
            "description": "ID",
            "required": true,
            "type": "integer",
            "format": "cityId"
          }
        ],
        "security": [
          {
            "basicAuth": []
          }
        ],
        "responses": {
          "200": {
            "description": "OK",
            "examples": {
              "application/json": {
                "id": 3
              }
            }
          }
        }
      }
    }
  },
  "securityDefinitions": {
    "basicAuth": {
      "type": "basic"
    }
  },
  "definitions": {
    "Pet": {
      "type": "object",
      "required": [
        "name",
        "photoUrls"
      ],
      "properties": {
        "id": {
          "type": "integer",
          "format": "int64"
        },
        "category": {},
        "name": {
          "type": "string",
          "example": "doggie"
        },
        "photoUrls": {
          "type": "array",
          "xml": {
            "name": "photoUrl",
            "wrapped": true
          },
          "items": {
            "type": "string"
          }
        },
        "tags": {
          "type": "array",
          "xml": {
            "name": "tag",
            "wrapped": true
          },
          "items": {}
        },
        "status": {
          "type": "string",
          "description": "pet status in the store",
          "enum": [
            "available",
            "pending",
            "sold"
          ]
        }
      }
    }
  }
}

Please let me know if you need any more details!

lock-bot support 3.x

All 9 comments

@sontrananh, I just tried to make a request with your spec, and my OPTIONS request (for CORS preflight) timed out. Not sure if I'm meant to be able to access the server or not:

OPTIONS http://10.15.24.158:9080/cb/config/api/city/search net::ERR_CONNECTION_TIMED_OUT

I changed the host to editor.swagger.io, and ran the request again. I observed the POST being sent with an authorization header, as I'd expect.

Please make sure the problem is with the spec, and not your server. If your POST is going out, just without the authorization header, let me know and I can help you investigate this further.

@shockey: Thanks for the support. But 10.15.24.158 is my local host. When I use Postman, the REST app is fine, but when I use Swagger, it doesn't send my authorization header. My Swagger UI port is 8080 but my REST app port is 9080. Maybe I can't send the authorization header because of CORS.

@sontrananh, Postman doesn't pay attention to Same-Origin Policy or CORS, since it's an external tool (doesn't run inside a browser), so that may be the source of your troubles 😄

See here for more information: https://enable-cors.org/server.html

Please let me know if this solves your problems!

@shockey: I use Docker. I can't find a way to enable CORS in Docker :(
Do you know how I can disable CORS in Swagger?

@sontrananh, there's no way to disable CORS - it's a security mechanism that is built into all web browsers, so anything that runs inside a browser needs to work within the rules.

You shouldn't need to change anything in Docker - you should configure the API you're talking to at 10.15.24.158:9080 to respond with an Access-Control-Allow-Origin: * header in every response.
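
The CORS exchange discussed in this thread, as an added example that is not part of the original comments or of swagger-ui: a decision function for the API side that answers the browser's preflight without demanding credentials and names Authorization among the allowed headers. It echoes an allowlisted origin, which is narrower than the `*` value mentioned above. The origin `http://swagger-ui.example:8080`, the function name `corsDecision` and the method and header lists are assumptions.

```javascript
// Added example. The origin is a placeholder for wherever Swagger UI is served.
const ALLOWED_ORIGINS = new Set(["http://swagger-ui.example:8080"]);
const ALLOWED_METHODS = ["GET", "POST"];
// Authorization must be named explicitly: the "*" wildcard for
// Access-Control-Allow-Headers does not cover it.
const ALLOWED_HEADERS = ["authorization", "content-type", "accept"];

// Decide how the API answers one request. `headers` uses lower-case keys.
// Returns { status, headers, requireAuth }; status is set only for preflights.
function corsDecision(method, headers) {
  const res = { status: null, headers: { Vary: "Origin" }, requireAuth: true };
  const origin = headers["origin"];
  const wanted = headers["access-control-request-method"];
  const isPreflight =
    method === "OPTIONS" && origin !== undefined && wanted !== undefined;
  if (isPreflight) {
    // Browsers send the preflight without the Authorization header, so
    // demanding Basic auth here makes every cross-origin call fail.
    res.requireAuth = false;
    res.status = 403; // stays 403 unless every check below passes
  }
  if (!ALLOWED_ORIGINS.has(origin)) return res; // no CORS headers: browser blocks
  if (isPreflight) {
    const askedHeaders = (headers["access-control-request-headers"] || "")
      .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
    const ok = ALLOWED_METHODS.includes(wanted) &&
      askedHeaders.every((h) => ALLOWED_HEADERS.includes(h));
    if (!ok) return res;
    res.status = 204;
    res.headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
    res.headers["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  }
  res.headers["Access-Control-Allow-Origin"] = origin;
  return res;
}

// Constructed sample: the preflight a browser sends before the POST in the spec.
const samplePreflight = {
  origin: "http://swagger-ui.example:8080",
  "access-control-request-method": "POST",
  "access-control-request-headers": "authorization,content-type",
};
console.log(corsDecision("OPTIONS", samplePreflight));
```
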

@shockey: Thanks for your help.

It's not working. Header is not set on basic authorization:

securityDefinitions:
  api_key:
    type: apiKey
    name: x-api-key
    in: header

No header is set on execute requests. No, it's not CORS. Worked just fine with version 2.x.x

Even the provided curl command does not have header set:
curl -X GET "https://192.168.52.21/pub/v1/sites" -H "accept: application/json"

And, yes, I have authenticated using "Authorize" popup

@juliusza: I disabled CORS in web browsers and my Swagger works fine, because I have Swagger on one server and my REST API app on another one.
Thanks for your help.

@sontrananh, glad I could help!


@juliusza, you're using apiKey authorization, not basic.

Sounds like you're having a different issue, so please open a new ticket, we'd be happy to look into that.
