axnsan12 / drf-yasg

Automated generation of real Swagger/OpenAPI 2.0 schemas from Django REST Framework code.
https://drf-yasg.readthedocs.io/en/stable/

Problem with authorization I can't get endpoints with permissions. #131

Open jesushd12 opened 6 years ago

jesushd12 commented 6 years ago

Hello, I'm having two issues. I'm trying to reproduce the page reload that django rest swagger does when I authorize with a security definition: type: "apiKey", name: "Authorization", in:"header" in settings. But in drf-yasg I couldn't get that refresh, so I can't get the endpoints that have some permissions based on the authorization token.

Is this expected behaviour or am I doing something wrong? And if so, how can I get the reload behaviour so I can get the endpoints that have permissions based on the token?

tuky commented 6 years ago

I believe this was a feature of the old swagger UI. At least, I can confirm, that this was possible in https://github.com/marcgibbons/django-rest-swagger and it's using swagger UI version 2. Apart from that, I would like to have this feature "back", too. Currently, I am looking into customizing the web UI (see https://drf-yasg.readthedocs.io/en/stable/custom_ui.html), but that seems hard and hacky. Another temporary solution I imagine is to include django-rest-swagger and just point its UI to yasg's schema endpoint.

tuky commented 6 years ago

Apart from that, you might be able to get what you want by calling get_schema_view with public=True. I still would like to restore the old behavior, because that enables to get serializers based on the authenticated user (we have very different profile types and as a result differing representations of our resources).

axnsan12 commented 6 years ago

I was never aware of such a feature. I guess that would require re-fetching the schema document with the new authentication credentials, but I don't know if/how that's supported by swagger-ui.

I'll try and have a look.

tuky commented 6 years ago

Here you can get some history and insights on this topic upstream:

axnsan12 commented 6 years ago

In that case I would say it's best to defer this to the swagger-ui folks.

In the meantime, logging in via Django session authentication should achieve your desired result, as swagger-ui cannot prevent cookies from going with the schema fetch.

tuky commented 6 years ago

In the meantime, would you be welcoming a PR to introduce block statements for the swagger ui template similar to https://github.com/marcgibbons/django-rest-swagger/blob/master/rest_framework_swagger/templates/rest_framework_swagger/index.html?

axnsan12 commented 6 years ago

@tuky sure, that would be awesome!

axnsan12 commented 5 years ago

This is implemented via a hack in 1.11.0, together with other auth-related functionality.

prafulbagai commented 5 years ago

Does not work in drf-yasg==1.12.1. Still facing the same issue.

prafulbagai commented 5 years ago

Following are my settings.


SWAGGER_SETTINGS = {
    'SECURITY_DEFINITIONS': {
        'api_key': {
            'type': 'apiKey',
            'name': 'HTTP_AUTHORIZATION',
            'in': 'header'
        }
    }
}

prafulbagai commented 5 years ago

Neither works on 1.11.0

It works on drf-swagger. Checked.

axnsan12 commented 5 years ago

You have to enable the related settings.

> It works on drf-swagger. Checked.

I don't understand what that means.

apdelsm commented 4 years ago

> You have to enable the related settings.

I had the same issue using token auth, and with these settings I can solve it.

SWAGGER_SETTINGS = {
    'SECURITY_DEFINITIONS': {
        'api_key': {
            'type': 'apiKey',
            'in': 'header',
            'name': 'Authorization'
        }
    },
    'REFETCH_SCHEMA_WITH_AUTH': True,
}

drf-yasg 1.17.0 Thank you!
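
An added example, not part of the thread and not drf-yasg's own code: a small check that compares the two `SWAGGER_SETTINGS` dicts posted above. It assumes the API authenticates on the `Authorization` header, which Django exposes as `request.META['HTTP_AUTHORIZATION']`; the helper names `wsgi_meta_key` and `audit_swagger_settings` are hypothetical.

```python
# Added example; helper names are hypothetical, not drf-yasg or DRF APIs.

def wsgi_meta_key(header_name):
    """Key under which WSGI exposes a request header in Django's request.META."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def audit_swagger_settings(settings, expected_meta_key="HTTP_AUTHORIZATION"):
    """Return findings for header-based apiKey security definitions.

    expected_meta_key is the META key the backend reads the credential from
    (assumed here to be the one for the Authorization header).
    """
    findings = []
    header_defs = {
        key: definition
        for key, definition in settings.get("SECURITY_DEFINITIONS", {}).items()
        if definition.get("type") == "apiKey" and definition.get("in") == "header"
    }
    for key, definition in header_defs.items():
        name = definition.get("name", "")
        actual = wsgi_meta_key(name)
        if actual != expected_meta_key:
            # swagger-ui sends the 'name' value verbatim as the header name.
            findings.append(f"{key}: header {name!r} lands in META[{actual!r}], "
                            f"not META[{expected_meta_key!r}]")
    if header_defs and not settings.get("REFETCH_SCHEMA_WITH_AUTH", False):
        findings.append("REFETCH_SCHEMA_WITH_AUTH is off: the schema is not "
                        "re-fetched with the credential after Authorize")
    return findings


# The two configurations posted in the thread.
NOT_WORKING = {"SECURITY_DEFINITIONS": {"api_key": {
    "type": "apiKey", "name": "HTTP_AUTHORIZATION", "in": "header"}}}
WORKING = {
    "SECURITY_DEFINITIONS": {"api_key": {
        "type": "apiKey", "in": "header", "name": "Authorization"}},
    "REFETCH_SCHEMA_WITH_AUTH": True,
}

if __name__ == "__main__":
    for label, cfg in (("first", NOT_WORKING), ("second", WORKING)):
        print(label, audit_swagger_settings(cfg) or "ok")
```

With the re-fetch enabled, the schema a client sees depends on the credential it presents, so endpoint visibility in the UI follows the API's own permission checks rather than `public=True`.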