[ ] Regression
[X] Bug report
[ ] Feature request
[ ] Documentation issue or request
[ ] Support request => Please do not submit support request here, instead post your question on Stack Overflow.
I'm using Passport/Jwt auth with a Nest API and all works very well when I hit the API via Postman (or any other external client I can control the headers).
When using the Swagger UI generated by this package the Authorization header is never sent. I can utilize the 'Authorize' UI to 'Login' and enter my 'Bearer [token]' but when I make subsequent calls to other API endpoints no 'Authorization' header value of any kind is sent with the request. The 'Authorize' functionality of the generated Swagger UI appears to work but has no effect on future calls (unless I am missing something). No matter what I provide to the '.addBearerAuth()' extension method I cannot seem to force any additional API information to be sent with a request. Is there something (beyond the standard guards) I need to do on the controllers or endpoints?
My configuration for the Swagger doc is as follows:
const options = new DocumentBuilder()
.setTitle('AppName')
.setDescription('Customer API')
.setVersion('0.1')
.addTag('customer.api')
.addBearerAuth('Authorization', 'header')
.setHost('localhost:3001')
.build();
Are you sure that you added @ApiBearerAuth() decorator to the particular method?
Is there any possibility where we don't need to add @ApiBearerAuth() decorator to every method of controllers? If we can handle it from one place so that would be more better than that.
Is there any possibility where we don't need to add
@ApiBearerAuth()decorator to every method of controllers? If we can handle it from one place so that would be more better than that.
Any update about this request? it will be very helpful.
You can add it to the top of the controller so that would work for all the method inside it.
@Controller('transaction')
@ApiBearerAuth()
export class TransactionController { }
It sends request from Swagger API like the following
curl -X GET "http://localhost/users" -H "accept: application/json" -H "Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI1ZGU3NjE3YmQ3MWY3NjNjYWMxZjE2MDIiLCJlbWFpbCI6Im1haWxAZ21haWwuY29tIiwiaWF0IjoxNTc1NTQzOTMzLCJleHAiOjIxODAzNDM5MzN9.fmMOHDEOrer3AALuYnazvq6uiriYAaVTGZIUf128avM"
I test with PostMan and it works great when PostMan add
"Authorization: Bearer
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJfaWQiOiI1ZGU3NjE3YmQ3MWY3NjNjYWMxZjE2MDIiLCJlbWFpbCI6Im1haWxAZ21haWwuY29tIiwiaWF0IjoxNTc1NTQzOTMzLCJleHAiOjIxODAzNDM5MzN9.fmMOHDEOrer3AALuYnazvq6uiriYAaVTGZIUf128avM"
Can anyone help?
@Hisham-TK when setting the Bearer token in Swagger, add "Bearer " in front of it.
Hello, I have the same problem as @kvgros, using @nestjs/swagger 4.1.2 and swagger-ui-express 4.1.2. This is my swagger configuration.
const options = new DocumentBuilder()
.setTitle('Comprartir Api')
.setDescription('The API for e-commerce')
.setVersion('1.0')
.addBearerAuth(
{ type: 'http', scheme: 'bearer', bearerFormat: 'JWT', in: 'header' },
'access-token',
)
.build();
expected behavior:
curl -X GET http://localhost:3000/api/v1/commerces -H "accept: application/json" "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6Ijg3YWU5NzYyLTVkYjctNGIyOC1iZmEyLWVlY2I4MTNiND_fXUFhWGKYjU"
but I get:
curl -X GET http://localhost:3000/api/v1/commerces -H "accept: application/json"
I'm having the same issue as @adrian88GitHub
@nestjs/swagger: 4.5.1
swagger-ui-express: 4.1.4
Solved for me. In my case i needed using of the same auth name in controller and main app.
Controller:
@UseGuards(AuthGuard())
@Controller('users')
@ApiTags('users')
@ApiBearerAuth('JWT')
export class UsersController {
constructor(private usersService: UsersService) {
}
....
}
main app:
const options = new DocumentBuilder()
.setTitle('Some App')
.setDescription('The some app API description')
.setVersion('1.0')
.addTag('auth')
.addTag('users')
.addBearerAuth(
{ type: 'http', scheme: 'bearer', bearerFormat: 'JWT' },
'JWT',
)
.build();
const document = SwaggerModule.createDocument(app, options);
SwaggerModule.setup('api-docs', app, document);
....
The same name is 'JWT'
I think this should be reopened
Just ran in to this issue. It isn't an issue as such, but something that could be improved in the NestJs documentation.
Basically the solution is to ensure that wherever you use a (e.g. on top of a controller or method):
@ApiBearerAuth('XYZ')
The 'XYZ' has to match (e.g. your swagger configuration):
.addBearerAuth({ type: 'http', scheme: 'bearer', bearerFormat: 'JWT' }, 'XYZ')
And only then, will swagger realise it needs to add the authentication header.
Most helpful comment
Is there any possibility where we don't need to add
@ApiBearerAuth()decorator to every method of controllers? If we can handle it from one place so that would be more better than that.