IndominusByte / fastapi-jwt-auth

FastAPI extension that provides JWT Auth support (secure, easy to use, and lightweight)
http://indominusbyte.github.io/fastapi-jwt-auth/
MIT License

Authorization Header not set in SwaggerUI #5

Closed baccenfutter closed 3 years ago

baccenfutter commented 3 years ago

When using the API via FastAPI's built-in SwaggerUI, a field for the Authorization header is shown in the JWT endpoints, however the header seems to not be set in the request, resulting in the following error:

{
  "detail": "Missing Authorization Header"
}

Example

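from fastapi import Depends, FastAPI, HTTPException
from fastapi_jwt_auth import AuthJWT
from pydantic import BaseModel

# AuthModel is not shown in the report; its fields are inferred from the handler below.
class AuthModel(BaseModel):
    username: str
    password: str

# authenticate() is the application's own credential check and is not shown in the report.

app = FastAPI()

@app.post('/login', responses={401: {'model': {}}})
async def login(user: AuthModel, Authorize: AuthJWT = Depends()):
    if not authenticate(user.username, user.password):
        raise HTTPException(status_code=401, detail='bad username or password')

    # identity must be a string or an integer
    return {
        'access_token': Authorize.create_access_token(identity=user.username),
        'refresh_token': Authorize.create_refresh_token(identity=user.username)
    }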

@app.post('/refresh')
async def refresh(Authorize: AuthJWT = Depends()):
    Authorize.jwt_refresh_token_required()

    current_user = Authorize.get_jwt_identity()
    return {
        'access_token': Authorize.create_access_token(
            identity=current_user,
            fresh=False,
        ),
    }

When I navigate to http://localhost:8000/docs I am presented with my two endpoints.

  1. I log in using the /login endpoint
  2. I copy the refresh token
  3. I paste it into the authorization field of the /refresh endpoint
  4. I execute the /refresh endpoint

I then get the error shown above.

I've also noticed that the header isn't shown to be set in the curl command shown in the SwaggerUI:

curl -X POST "http://localhost:8000/refresh" -H  "accept: application/json" -d ""

Versions

fastapi==0.61.1
fastapi-jwt-auth==0.2.0

Is this possibly related to https://github.com/swagger-api/swagger-ui/issues/981#issuecomment-277922089?

IndominusByte commented 3 years ago

Hmm, for the next version I use Request from Starlette instead of Header from FastAPI to get the header name. In some cases you want to change the Authorization header to Auth or something like that, and because I use Request from Starlette, Swagger UI doesn't support it. @baccenfutter you can check my code.

IndominusByte commented 3 years ago

But in your case, it's a mistake from FastAPI related to what you mention.
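
The symptom in this thread matches an OpenAPI 3 rule: a header parameter named `Authorization`, `Accept` or `Content-Type` is ignored by tooling, so the value has to travel through a declared security scheme instead. The following check is an added example, not part of the thread or of fastapi-jwt-auth; it scans an OpenAPI document for such parameters, and the function name and sample document (including the `/protected` path and the `HTTPBearer` scheme name) are assumptions made for illustration.

```python
# Added example: lint an OpenAPI 3 document for header parameters that the
# spec tells tools to ignore. SAMPLE_SPEC is constructed for illustration.
RESERVED = {"authorization", "accept", "content-type"}
METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def find_ignored_headers(spec):
    """Return one finding per operation declaring a reserved header parameter."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    findings = []
    for path, item in spec.get("paths", {}).items():
        shared = item.get("parameters", [])  # path-level parameters apply to all methods
        for method, op in item.items():
            if method not in METHODS:
                continue
            dropped = sorted(
                p["name"] for p in shared + op.get("parameters", [])
                if p.get("in") == "header" and p.get("name", "").lower() in RESERVED
            )
            if not dropped:
                continue
            # Operation-level "security" overrides the global list, even when empty.
            required = op.get("security", spec.get("security", []))
            findings.append({
                "operation": f"{method.upper()} {path}",
                "ignored_headers": dropped,
                "has_security_scheme": any(n in schemes for r in required for n in r),
            })
    return findings


SAMPLE_SPEC = {  # constructed; /refresh mirrors the report, /protected is hypothetical
    "openapi": "3.0.2",
    "paths": {
        "/login": {"post": {"parameters": []}},
        "/refresh": {"post": {"parameters": [
            {"name": "Authorization", "in": "header", "schema": {"type": "string"}},
        ]}},
        "/protected": {"get": {
            "parameters": [{"name": "authorization", "in": "header"}],
            "security": [{"HTTPBearer": []}],
        }},
    },
    "components": {"securitySchemes": {"HTTPBearer": {"type": "http", "scheme": "bearer"}}},
}

if __name__ == "__main__":
    for f in find_ignored_headers(SAMPLE_SPEC):
        print(f["operation"], f["ignored_headers"], f["has_security_scheme"])
```

An operation flagged with `has_security_scheme` set to `False` will show an input field in the docs page that never reaches the server, which is the "Missing Authorization Header" case reported above.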