Has anyone generated Swagger UI from an endpoint requiring authentication?


Jason Novotny

Nov 1, 2019, 1:57:12 PM
to dropwizard-user
Hi,

Given an API requiring authentication like so:

@Path("/updateUser")
@POST
public String updateUser(@Auth UserPrincipal userPrincipal, UserRequest user)

How do I add the appropriate annotations in Swagger so that a client can test the API in the Swagger UI?

What I currently get is the attached screenshot

Thanks, Jason

Steve Kradel

Nov 1, 2019, 3:30:07 PM
to dropwizard-user
@ApiParam(hidden = true) will tell Swagger/OpenAPI not to include that parameter in the spec.

Robert Di Falco

Nov 1, 2019, 3:32:08 PM
to dropwiz...@googlegroups.com
I have a related question. Anyone used the dropwizard swagger extension but had Swagger be on the same HTTPS and port as the rest end point? 


Steve Kradel

Nov 1, 2019, 3:39:29 PM
to dropwizard-user
Yes, this all works fine inside regular old Dropwizard; we use a custom Bundle that, in brief and somewhat redacted, does:

public void run(final OurConfiguration configuration, final Environment environment) throws IOException {
    final OurSwaggerConfigWrapper config = configuration.getSwagger();

    environment.jersey().register(ApiListingResource.class);
    environment.jersey().register(SwaggerSerializers.class);

    logger.info("swagger scanning packages '{}'", config.config.getResourcePackage());
    config.config.setScan(true);
}

Additionally, AssetsBundle serves up swagger-ui resources.



Jason Novotny

Nov 1, 2019, 3:48:10 PM
to dropwiz...@googlegroups.com

Thanks Steve,

I'm trying to get Swagger UI to be usable-- here's my basic problem:

1. I have an endpoint called /auth/login.

As you can see from the screenshot it works and it returns the token that is used in subsequent calls requiring authentication.

2. Given an API endpoint requiring authentication-- how can a Swagger UI user call this API? How to pass in the token from above?

Thanks, Jason


Steve Kradel

Nov 1, 2019, 3:57:45 PM
to dropwizard-user
Although this is straying afield from the original question and from Dropwizard: you'll probably want to dig into the implementation of the swagger-ui pages.  If memory serves there is an already-considered notion of plugging in an API key somewhere in there.  Nothing automagical really.

Internally we have doctored up Dropwizard's authentication system to allow HTTP Basic auth only some of the time--yes on same-origin requests, no otherwise mostly--which makes for a nice enough swagger-ui experience.  In the bigger picture it is quite useful to support basic, bearer token, SSL client certificate, JWT, etc., under varying conditions.




Leonardo Contreras Alfonso

Nov 1, 2019, 4:03:45 PM
to dropwiz...@googlegroups.com
I use this in the class level:

@SwaggerDefinition(securityDefinition = @SecurityDefinition(
        basicAuthDefinitions = {@BasicAuthDefinition(key = "customer.basic", description = "Customer user/password")}))

this in the method:

@ApiOperation(value = "Some customer login", authorizations = @Authorization("customer.basic"))

and this for the param:

@Auth @ApiParam(hidden = true) Customer customer



--
-----------------------------------------------------------
Leonardo Contreras Alfonso
Bogotá D.C. - Colombia

Jason Novotny

Nov 1, 2019, 4:16:32 PM
to dropwiz...@googlegroups.com

Hi Leonardo,

Thanks for the tip. However the API call requiring authentication doesn't work after I invoke the login API-- I get error 401 that "credentials are required to access this resource" because there appears to be no way to supply the token received from the login API call. Does anyone actually use Swagger or is it just for illustration purposes?

If anyone has any swagger page showing how to get a credential and use it in subsequent calls, I'd be highly appreciative.

Thanks, Jason


Leonardo Contreras Alfonso

Nov 1, 2019, 4:34:19 PM
to dropwiz...@googlegroups.com
I use it, in an authentication service that handles 4 identity providers, Basic and Bearer.
You need the three annotations, and make sure your swagger is the last version.


Jason Novotny

Nov 1, 2019, 4:37:03 PM
to dropwiz...@googlegroups.com
Ah ok, I'm doing Bearer tokens- what are the annotations I need for that?

Thanks, Jason


Leonardo Contreras Alfonso

Nov 1, 2019, 4:55:32 PM
to dropwiz...@googlegroups.com
In the class level use something like:

@SwaggerDefinition(securityDefinition = @SecurityDefinition(
        apiKeyAuthDefinitions = {
            @ApiKeyAuthDefinition(key = "jwt.auth", name = "Authorization", in = ApiKeyLocation.HEADER, description = "JWT")}))

and change the key in the method level to match.
It's important to note that SwaggerUI doesn't keep a session, you have to provide the authentication for the endpoints that require it. There's a lock logo in the methods that require authentication, it opens the form to provide your previously acquired token.
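
The three annotations discussed in this thread, put together on one Bearer-token endpoint. This is an added example, not code from any poster: the `UserResource` class name, the `@Api` tag and the stand-in `UserPrincipal`/`UserRequest` types are assumptions, and it targets the `io.swagger.annotations` (swagger-annotations 1.5.x) package with dropwizard-auth.

```java
import io.dropwizard.auth.Auth;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiKeyAuthDefinition;
import io.swagger.annotations.ApiKeyAuthDefinition.ApiKeyLocation;
import io.swagger.annotations.ApiOperation;
import io.swagger.annotations.ApiParam;
import io.swagger.annotations.Authorization;
import io.swagger.annotations.SecurityDefinition;
import io.swagger.annotations.SwaggerDefinition;

import java.security.Principal;
import javax.ws.rs.POST;
import javax.ws.rs.Path;

// Hypothetical resource class; the name and the nested types are assumptions for this example.
@Api("users")
@Path("/")
// 1. Class level: declare the scheme once. Swagger 2.0 has no dedicated bearer scheme,
//    so the token is modelled as an apiKey carried in the Authorization header.
@SwaggerDefinition(securityDefinition = @SecurityDefinition(
        apiKeyAuthDefinitions = {
            @ApiKeyAuthDefinition(key = "jwt.auth", name = "Authorization",
                    in = ApiKeyLocation.HEADER, description = "JWT from /auth/login")}))
public class UserResource {

    // Stand-ins for the poster's UserPrincipal and UserRequest types.
    public static class UserPrincipal implements Principal {
        private final String name;
        public UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    public static class UserRequest {
        public String displayName;
    }

    @POST
    @Path("/updateUser")
    // 2. Method level: reference the same key so swagger-ui shows the lock icon here.
    @ApiOperation(value = "Update the calling user", authorizations = @Authorization("jwt.auth"))
    public String updateUser(
            // 3. Parameter level: the principal comes from the auth filter, so hide it from the spec.
            @Auth @ApiParam(hidden = true) UserPrincipal userPrincipal,
            UserRequest user) {
        return "updated " + userPrincipal.getName() + " -> " + user.displayName;
    }
}
```

Swagger UI sends an apiKey value verbatim, so when the server's auth filter expects the `Bearer ` prefix, the whole string `Bearer <token>` goes into the Authorize dialog.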

Jason Novotny

Nov 1, 2019, 5:35:00 PM
to dropwiz...@googlegroups.com

Hi Leonardo,

Really appreciate the help you provided! That works :-)

Thanks, Jason
