Hi all,
we protect our REST API with a JWT token. The first step is to POST username and password as JSON to the /login method; you then retrieve the token as the answer. We do not put any roles/rights into that token, we just use it for authentication. Roles are requested from the backend via /user/current afterwards. We do it this way because we do not want to transmit all roles all the time between the client and the server, i.e. keeping the payload small.
I am wondering what the best approach would be to document our API via Swagger for our JWT approach. As I understand it, there are just two types, "API Key" and "OAuth2", and neither of them really seems to fit, as, for example, we do not have a typical OAuth token URL.
Any suggestions?
My goals:
* Document our API so that users can see whether a specific method is protected or not
* Enable the user to log in/generate a token via Swagger UI.
Best
fri
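
One way to describe the setup from the post in a Swagger 2.0 document, as an added example that is not part of the original post: the token is modelled as an "API Key" carried in a request header, required globally and switched off for /login. The header name `Authorization` with a `Bearer ` prefix, the `token` response field, the `username`/`password` field names and the API title are assumptions, not details given in the post.

```yaml
swagger: "2.0"
info:
  title: Example API            # constructed placeholder
  version: "1.0"
consumes: [application/json]
produces: [application/json]
securityDefinitions:
  JWT:                          # scheme name is arbitrary
    type: apiKey                # Swagger 2.0 has no dedicated bearer/JWT type
    name: Authorization         # assumption: token is sent in this header
    in: header
    description: 'Enter "Bearer <token>", using the token returned by POST /login'
security:
  - JWT: []                     # default: every operation requires the token
paths:
  /login:
    post:
      summary: Exchange username and password for a token
      security: []              # empty list overrides the default: no token needed
      parameters:
        - name: credentials
          in: body
          required: true
          schema:
            type: object
            required: [username, password]
            properties:         # assumption: JSON field names
              username: {type: string}
              password: {type: string, format: password}
      responses:
        "200":
          description: Token issued
          schema:
            type: object
            properties:
              token: {type: string}   # assumption: response field name
        "401":
          description: Invalid credentials
  /user/current:
    get:
      summary: Roles of the authenticated user
      responses:                # inherits the global JWT requirement
        "200":
          description: Current user and roles
        "401":
          description: Missing or invalid token
```

Swagger UI marks operations that carry a security requirement and offers an Authorize dialog for the header value; it does not perform the login itself, so the token from a "Try it out" call to /login has to be pasted in with the prefix.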