Swagger-ui: Authorization Header not getting displayed in CURL
I am trying to use the Authorization header in the swagger latest version.
You can try the above YAML configuration in Swagger Editor.
You can observe that the Authorization header which I added in the header section is not included in the CURL command.
Help me to add an Authorization header into my API.
shivaprasad573
All 11 comments
The specification does not allow explicitly adding Authorization header. For more information, please read https://swagger.io/docs/specification/describing-parameters/#header-parameters.
webron
on 16 Nov 2019
The Authorization header needs to be defined as a security scheme. In your example it should look like this:
components:
securitySchemes:
auth:
type: apiKey
in: header
name: Authorization
security:
- auth: []
hkosova
on 18 Nov 2019
Thanks for your reply @hkosova , but the above approach didn't work for me. Find the screenshot for more details. and let me know what I am missing in it.
shivaprasad573
on 18 Nov 2019
@shivaprasad573 you need to remove the Authorization header from parameters. Then in the UI panel, click the green "Authorize" button at the top (this button is added by the security scheme) and enter the value for the Authorization header. Then test the request again.
hkosova
on 18 Nov 2019
Thanks, @hkosova and it worked:), but in my use-case should remove that Authorize Button in the top(I should not use it) so that I want to pass/send Authorization header and it's value from YAML code only.
Can you help me with this?
shivaprasad573
on 18 Nov 2019
Could you please clarify what you mean by "pass ... value from YAML code only"?
hkosova
on 18 Nov 2019
Sure @hkosova , in my use-case, My application will generate one Key and that Key I have to send as Authorization header.
shivaprasad573
on 18 Nov 2019
@hkosova / @webron / @shockey please can you provide some solution to this issue?
shivaprasad573
on 19 Nov 2019
A sample code that works.
@Configuration
public class OpenApiConfig {
private static final String API_KEY = "apiKey";
@Bean
public OpenAPI customOpenAPI() {
return new OpenAPI()
.components(new Components()
.addSecuritySchemes(API_KEY,apiKeySecuritySchema())) // define the apiKey SecuritySchema
.info(new Info().title("Title API").description(
"RESTful services documentation with OpenAPI 3."))
.security(Collections.singletonList(new SecurityRequirement().addList(API_KEY))); // then apply it. If you don't apply it will not be added to the header in cURL
}
public SecurityScheme apiKeySecuritySchema() {
return new SecurityScheme()
.name(Constants.AUTHORISATION_TOKEN) // authorisation-token
.description("Description about the TOKEN")
.in(SecurityScheme.In.HEADER)
.type(SecurityScheme.Type.APIKEY);
}
}
ffroliva
on 6 May 2020
Thought, it may help someone who are facing same problem.
For adding authorization header to CURL, add annotation @SecurityScheme with type, name, scheme... to the class and add @SecurityRequirement annotation with the same name to the method or to the class itself. You need to create authorization before try out, using button "Authorize" in the swagger html page.
@SecurityScheme(type = SecuritySchemeType.HTTP, scheme = "basic", name = "Authorization")
public class ClassName {
@GET
@SecurityRequirement(name = AUTHORIZATION)
public Response methodName() {
....
}
}
Sathyananth
on 17 Nov 2020
Thanks @Sathyananth . It worked 馃憤馃徏
amitrajitbose
on 16 Dec 2020
Related issues
ankon
路
4Comments
sgyang
路
4Comments
liuya05
路
3Comments
insideshell
路
3Comments
SangeetaGulia
路
4Comments
Most helpful comment
A sample code that works.