Swagger-ui: Bearer / JWT security definitions is not working

Created on 2 Nov 2017 · 8 Comments · Source: swagger-api/swagger-ui

Hi,
we are just testing the new version of swagger-ui. The new functions are badly documented, so we reverse engineered the needed configuration values from the source code, but maybe our assumptions were bad.

| Q | A
| ------------------------------- | -------
| Bug or feature request? | Bug
| Which Swagger/OpenAPI version? |
| Which Swagger-UI version? | latest from master
| How did you install Swagger-UI? | from git
| Which browser & version? | Chrome latest
| Which operating system? | Mac OS X

Demonstration API definition


```yaml
securityDefinitions:
  bearerAuth:
    type: http
    scheme: bearer
    bearerFormat: JWT
```

Expected Behavior

Bearer auth should be visible in Authorize section

Current Behavior

Unknown security definition type http in this window

Possible Solution

Add some section to https://github.com/swagger-api/swagger-ui/blob/master/src/core/components/auth/auth-item.jsx to ensure

Context

We wanted to use swagger-ui for swagger api using JWT.

Thanks a lot for your help.

All 8 comments

Hi @jakubjosef!

It looks like you're mixing OpenAPI 2.0 and 3.0: `securityDefinitions` is from 2.0, but `type: http`, `scheme: bearer`, and `bearerFormat: JWT` are from 3.0.

All API definitions need to declare their version with either a `swagger: "2.0"` or `openapi: "3.0.0"` at the top level of the definition, and follow _only_ the syntax for that version.

I suggest writing your definition with OpenAPI 3.0, and following the 3.0 specification as you author your definition.

(cc @hkosova, any other pointers? thanks!)

We started with pure OpenAPI 3.0 definitions like

```yaml
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT

security:
  bearerAuth:[]
```

But in this case we don't have any lock icons in swagger-ui, which means no auth is available AFAIK.
Maybe it's possible we have a bad version declared above this piece of code. Thanks for your help. I'll investigate it more later. Just one question: is the code I posted sufficient to enable auth (display lock icons)?

@jakubjosef, that should work if you change `bearerAuth:[]` to `- bearerAuth: []`, since security requirements under `security` need to be arrays.

Here's a minimal example of a definition that will use bearer auth globally:

```yaml
openapi: "3.0.0"
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
security:
- bearerAuth: []
paths:
  /:
    get:
      description: my operation
      responses:
        200:
          description: all is well
```
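
The definitions posted in this thread fail for different reasons: no version declaration with 2.0 and 3.0 syntax mixed, and `security` not written as an array. As an added example (not part of the thread or of swagger-ui's code), this JavaScript lint checks an already-parsed definition for those mistakes; the function name, finding codes and sample objects are assumptions constructed for illustration.

```javascript
// Added example: lint the security parts of an already-parsed OpenAPI definition.
// lintSecurity and its finding codes are hypothetical, not swagger-ui API.
const TYPES = {
  securityDefinitions: ["basic", "apiKey", "oauth2"],             // OpenAPI 2.0 types
  securitySchemes: ["apiKey", "http", "oauth2", "openIdConnect"], // OpenAPI 3.0 types
};

function lintSecurity(def) {
  const out = [];
  const add = (code, msg) => out.push({ code, msg });
  const v2 = def.swagger === "2.0";
  const v3 = typeof def.openapi === "string" && def.openapi.startsWith("3.");
  if (v2 === v3) add("version", 'declare exactly one of swagger: "2.0" or openapi: "3.x.y"');

  const found = {
    securityDefinitions: def.securityDefinitions,
    securitySchemes: def.components && def.components.securitySchemes,
  };
  if (v3 && found.securityDefinitions) add("wrong-location", "securityDefinitions is 2.0 syntax");
  if (v2 && found.securitySchemes) add("wrong-location", "components.securitySchemes is 3.0 syntax");

  // A scheme's type must belong to the spec version its container comes from.
  const names = new Set();
  for (const [where, schemes] of Object.entries(found)) {
    for (const [name, s] of Object.entries(schemes || {})) {
      names.add(name);
      if (!TYPES[where].includes(s.type)) add("mixed-syntax", `${where}.${name}: type "${s.type}" is not valid here`);
    }
  }

  // Security requirements: an array of objects mapping scheme name -> scope array.
  if (def.security !== undefined) {
    if (!Array.isArray(def.security)) add("security-not-array", "write '- name: []', not 'name: []'");
    else for (const req of def.security)
      for (const name of Object.keys(req || {}))
        if (!names.has(name)) add("undefined-scheme", `security references unknown scheme "${name}"`);
  }
  return out;
}

// Constructed inputs modelled on the thread; the mapping under `security` stands in for any non-array value.
const bearer = { type: "http", scheme: "bearer", bearerFormat: "JWT" };
const mixed = { securityDefinitions: { bearerAuth: bearer } };
const notArray = { openapi: "3.0.0", components: { securitySchemes: { bearerAuth: bearer } }, security: { bearerAuth: [] } };
const fixed = { ...notArray, security: [{ bearerAuth: [] }] };
for (const d of [mixed, notArray, fixed]) console.log(lintSecurity(d).map((f) => f.code));
```

Running a check like this before publishing a definition catches a requirement that names a scheme which was never defined, which the thread's symptoms (missing lock icons, an empty Authorize dialog) only hint at.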

We had the wrong version declaration on the very first line, thanks a lot for your quick help. I am going to close the issue.

No worries @jakubjosef, glad you got it working 😄 feel free to open another issue if you run into any other trouble!

Hi @shockey,
I am trying to reproduce your example, but the problem still persists with the bearerFormat when I set it to JWT.
[Image: reference image]
Says...

Hi @josch-san, SwaggerHub's environment is a bit different, which may explain the difference in behavior - I recommend reaching out to their support 😄

Can anyone tell me why my Available Authorizations box is empty in my swagger ui with this code?
[Image: Screen Shot 2019-06-26 at 5 14 59 PM]
