Authorization header not sent by swagger-ui


Justin Robbins

Apr 27, 2013, 4:32:52 PM
to swagger-sw...@googlegroups.com
Hello,

I'm trying to configure swagger-ui to send a Basic Auth authorization header.  I'm not having any luck so far.

I've added the following to swagger-ui/index.html:

    apiKeyName: "Authorization",
    headers: {"Authorization": "Basic YXBpdXNlcjphcGl1c2VycGFzc3dvcmQ=" },
    supportHeaderParams: true,

Firebug does not show the Authorization header getting sent and the API is responding with a 401.

You can take a look yourself at:
http://socialflashcards.com/swagger-ui/index.html

In case you need to see my API's swagger config, you can find it here:
https://github.com/justinhrobbins/FlashCards_App/tree/master/FlashCards_WebServices

Not sure if it's relevant but I'm using CXF.

Please let me know if there is any other info I can provide.

Thanks for your assistance

Justin Robbins

Apr 30, 2013, 8:35:43 AM
to swagger-sw...@googlegroups.com
Any thoughts on why the Swagger UI isn't sending the authorization header?  Does the excerpt I provided below look sufficient?  Many thanks!

tony tam

Apr 30, 2013, 12:57:43 PM
to swagger-sw...@googlegroups.com
Hi Justin, can you send me some credentials so I can test this?  You can email me @ fehguy _at_ gmail

tony tam

May 1, 2013, 1:04:29 AM
to swagger-sw...@googlegroups.com
OK, you've found an issue.  The swagger.js isn't sending the auth headers, but the actual requests are.  Will post back when fixed...

Justin Robbins

May 1, 2013, 8:26:19 AM
to swagger-sw...@googlegroups.com
Tony,

Would you like me to open an issue in wordnik / swagger-ui for this?


--
Regards,
Justin Robbins
973.479.0448
JustinH...@gmail.com

tony tam

May 1, 2013, 8:46:06 PM
to swagger-sw...@googlegroups.com
Sure, with any luck this'll be fixed today.

Kunjan Shah

May 21, 2013, 7:32:19 AM
to swagger-sw...@googlegroups.com
Any updates on this issue?
I am facing the same.

tony tam

May 21, 2013, 10:36:01 AM
to swagger-sw...@googlegroups.com
Hi, not yet unfortunately.  The current work-around is to enable access to the swagger files, and secure just the API operations with headers.

Indraja Punna

Feb 5, 2015, 5:57:27 AM
to swagger-sw...@googlegroups.com
Any update on this? I want swagger-ui to send the username and password to the API when I click on the Try it out button.
How to do this?
1. What should be added on the swagger-ui side?
2. What extra annotations need to be added in the code?

tony tam

Feb 5, 2015, 7:25:35 AM
to swagger-sw...@googlegroups.com
Authorization with username and password is simple.  Just modify your index.html to set an authorization as follows:

window.authorizations.add("basic", new PasswordAuthorization("basic", username, password));

And all your operations which require the "basic" authorization will have the header applied.

Indraja Punna

Feb 5, 2015, 11:27:10 PM
to swagger-sw...@googlegroups.com
Thanks a lot. That worked.

Indraja Punna

Feb 6, 2015, 3:06:49 AM
to swagger-sw...@googlegroups.com
I have nginx acting as a proxy, and for basic auth I have added the below lines in nginx:
auth_basic "Restricted Access";
auth_basic_user_file .htpasswd;

It works fine when I access it via curl. But even though I add the below line in swagger-ui, that doesn't work.
window.authorizations.add("basic", new PasswordAuthorization("basic", username, password));

It seems headers are not being sent. Can you please help?

Ron Ratovsky

Feb 6, 2015, 4:44:42 AM
to swagger-sw...@googlegroups.com
Can you check using your browser's web console to see the actual headers being sent?
Also, which version of the UI do you use?

--
-----------------------------------------
http://swagger.io
https://twitter.com/SwaggerApi
-----------------------------------------

Indraja Punna

Feb 6, 2015, 8:05:23 AM
to swagger-sw...@googlegroups.com
I am using swagger 2.0
Firefox 35.0.1
In the web console I see the below error with a link. When I click on the link it asked for credentials. Nothing happened after I input the creds.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://myurl. This can be fixed by moving the resource to the same domain or enabling CORS.
I have enabled CORS in nginx. Below is my nginx config snapshot.
location /api/dummy {
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept,api_key, Authorization';
    add_header 'Access-Control-Allow-Credentials' 'true';
    auth_basic "Restricted Access";
    auth_basic_user_file .htpasswd;
    proxy_pass http://localhost:8080/api/dummy;
}

Below are the headers:

Request URL: https://myurl
Request Method: OPTIONS
Status Code: HTTP/1.1 401 Unauthorized
Request Headers 18:28:00.000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0
Pragma: no-cache
Host: myhost
Connection: keep-alive
Cache-Control: no-cache
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Response Headers Δ238ms
WWW-Authenticate: Basic realm="Restricted Access"
Server: nginx/1.6.2
Date: Fri, 06 Feb 2015 12:58:01 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive

tony tam

Feb 6, 2015, 12:04:53 PM
to swagger-sw...@googlegroups.com
Hi, you cannot secure the OPTIONS request to your server.  Make that return a 200 and you'll be fine.
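
The fix described in the last reply, written out as an nginx configuration. This is an added example, not part of the original thread: it reuses the location, header values and upstream from the config posted above, and the `if` / `return 200` arrangement is one way to do it, assuming nothing behind the proxy needs to see OPTIONS requests itself.

```nginx
location /api/dummy {
    # CORS preflight. The browser sends OPTIONS without an Authorization
    # header, so the preflight can never pass auth_basic. `return` is
    # handled in the rewrite phase, which runs before the access phase
    # where auth_basic is enforced, so this branch answers 200 without
    # asking for credentials and without reaching the backend.
    if ($request_method = OPTIONS) {
        # add_header directives of the enclosing location are not
        # inherited by a block that declares its own, so repeat them.
        add_header 'Access-Control-Allow-Origin' '*';
        add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS';
        add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept,api_key, Authorization';
        add_header 'Access-Control-Allow-Credentials' 'true';
        return 200;
    }

    # Every other method (GET, POST, ...) still requires Basic credentials.
    # Without the `always` parameter (nginx 1.7.5+), add_header is applied
    # only to 2xx/3xx responses, so a 401 from auth_basic carries no CORS
    # headers and the browser reports it as a cross-origin failure, as in
    # the capture above.
    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'POST,GET,OPTIONS';
    add_header 'Access-Control-Allow-Headers' 'Content-Type,Accept,api_key, Authorization';
    add_header 'Access-Control-Allow-Credentials' 'true';

    auth_basic "Restricted Access";
    auth_basic_user_file .htpasswd;
    proxy_pass http://localhost:8080/api/dummy;
}
```

After reloading nginx, the OPTIONS entry in the browser's network panel should show 200 with the `Access-Control-Allow-*` headers, followed by the actual POST carrying `Authorization: Basic ...`.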