Swagger-ui: Json fetch request is not fired on authorization/logout
Swagger-ui version 3.12.1.
I need to show/hide some endpoints based on the authorization. I.e. after user makes authorization, it should ask server for json and server should return json for authorized user. If user logs out, it should ask for json for anonymous user. To make it happen, swagger-ui should fetch json from server on auth/logout. It worked in prev versions.
Steps to reproduce:
- Navigate to http://petstore.swagger.io/
- Click Authorize
- Fill in api_key auth method with any token and click Authorize, click close.
Expect: swagger-ui should call specActions.download()to download json once again after logged in
Actual: json is not updated
VladislavSudakov
All 5 comments
@webron, did we have this in v2? I wouldn't think that authorizations defined in a document should affect the fetching of the document itself.
shockey
on 15 Mar 2018
@shockey as much as it doesn't make sense, we had a similar feature. I get why you wouldn't expect it, and I think it was derived as a side effect to the pet store. In fact, currently, some of the pet store is not behaving the way it did with the older version of the UI. That said, I'm not automatically saying we should implement it the same way or at all. We can consider alternative solutions.
webron
on 16 Mar 2018
We actually really need this feature, our api's swagger endpoint uses the auth token to determine which endpoints the user has access to and trims out what they shouldn't be able to see. We always thought this was an intended feature, which we really value. We can't upgrade to V3 until it assists security trimmed swagger docs.
maxnorth
on 4 Apr 2018
+1 - we use this "feature" exactly as @maxnorth does and as such this is blocking us from being able to upgrade to v3.
This is actually a really nice feature to have - an unauthenticated user arrives at the page and sees only the public endpoints, but then if they authenticate themselves with the page then all of the endpoints they have access to appear. This way you can use a single swagger page for regular users, admins, etc.
I would definitely vote to have this available in v3!
alexdawes
on 23 Jul 2018
+1 - same as @maxnorth and @alexdawes. We want to migrate to 3 from 2 but are blocked due to this issue.
SimonL101
on 29 Aug 2018
Related issues
shockey
路
3Comments
ankon
路
4Comments
hnthu
路
3Comments
zilongl
路
3Comments
ilnurshax
路
3Comments
Most helpful comment
+1 - we use this "feature" exactly as @maxnorth does and as such this is blocking us from being able to upgrade to v3.
This is actually a really nice feature to have - an unauthenticated user arrives at the page and sees only the public endpoints, but then if they authenticate themselves with the page then all of the endpoints they have access to appear. This way you can use a single swagger page for regular users, admins, etc.
I would definitely vote to have this available in v3!