DarkaOnLine / L5-Swagger

OpenApi or Swagger integration to Laravel
https://github.com/DarkaOnLine/L5-Swagger
MIT License

Logout doesn't work #513

Closed arraysArrais closed 1 year ago

arraysArrais commented 1 year ago

Description:

Auth credentials seem to persist even after clicking the logout button.

Steps To Reproduce:

1. Interact with the API resources while being unauthenticated; you should see 'unauthorized' responses or similar.
2. Get the access token.
3. Click the 'Authorize' button.
4. Insert the token and click 'Authorize'.
5. Interact with the API resources; this time you are authenticated and all endpoints should work.
6. Click the 'Authorize' button again.
7. Click the 'Logout' button.
8. Interact with the API resources again. You will be able to do anything because you are still authenticated.

The only way to really log out is clearing browser cookies/cache.

DarkaOnLine commented 1 year ago

I think you are looking for this flag, which you can control from config: https://github.com/DarkaOnLine/L5-Swagger/blob/master/resources/views/index.blade.php#L64

arraysArrais commented 1 year ago

Hi @DarkaOnLine, thanks for answering. I already disabled the flag but the issue still persists. It is also really weird, but Swagger seems to bypass Sanctum auth. You just need to log in once and you're set forever, unless you clear browser cookies/cache.

Even if I manually delete the token from the database, Swagger continues to interact normally with the APIs, as if nothing had happened. The same behavior cannot be replicated when simulating the requests via Postman. It works as intended.

Any tips?
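A Laravel feature test that pins down the behaviour described in this comment (a token deleted from the database must stop authenticating), added here as an example and not part of the L5-Swagger project or the reporter's code. It assumes a `User` model using Sanctum's `HasApiTokens` and an `/api/user` route behind `auth:sanctum`; both names are assumptions for illustration.

```php
<?php
// Added example, not from the issue thread. Asserts that a Sanctum personal
// access token stops working once its row is deleted, when the request is
// authenticated by the bearer header alone (the way Postman behaves in the
// reporter's description, with no browser session cookie involved).
// Assumed: App\Models\User uses HasApiTokens; GET /api/user is guarded by
// 'auth:sanctum'.

namespace Tests\Feature;

use App\Models\User;
use Illuminate\Foundation\Testing\RefreshDatabase;
use Tests\TestCase;

class TokenRevocationTest extends TestCase
{
    use RefreshDatabase;

    public function test_deleted_token_no_longer_authenticates(): void
    {
        $user = User::factory()->create();
        $plainText = $user->createToken('swagger-ui')->plainTextToken;

        // The token is valid while its row exists.
        $this->withHeader('Authorization', 'Bearer '.$plainText)
            ->getJson('/api/user')
            ->assertOk()
            ->assertJsonPath('id', $user->id);

        // Revoke it the same way the reporter did: remove the database row.
        $user->tokens()->delete();

        // Within one test the resolved guards keep the previously authenticated
        // user cached, so drop them; otherwise this test would reproduce the
        // "still logged in" symptom for the wrong reason.
        app('auth')->forgetGuards();

        // The same bearer header must now be rejected.
        $this->withHeader('Authorization', 'Bearer '.$plainText)
            ->getJson('/api/user')
            ->assertUnauthorized();

        // And no credentials at all must be rejected as well.
        $this->getJson('/api/user')->assertUnauthorized();
    }
}
```

If this test passes while the browser still gets through, the browser request is being authenticated by something other than the bearer token (for Sanctum, typically the session cookie of a stateful first-party domain), which is the part worth inspecting next.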

arraysArrais commented 1 year ago

For anyone facing the same problem, I solved it by implementing JWT authentication in my API (instead of sanctum). Now Swagger requests work as intended.