gothinkster / realworld

"The mother of all demo apps" — Exemplary fullstack Medium.com clone powered by React, Angular, Node, Django, and many more
https://www.realworld.how/
MIT License

Bearer Authentication #532

Open seranotannason opened 4 years ago

seranotannason commented 4 years ago

In the API spec swagger.json, the authentication scheme is defined as:

"Token": {
      "description": "For accessing the protected API resources, you must have received a a valid JWT token after registering or logging in. This JWT token must then be used for all protected resources by passing it in via the 'Authorization' header.\n\nA JWT token is generated by the API by either registering via /users or logging in via /users/login.\n\nThe following format must be in the 'Authorization' header :\n\n    Token: xxxxxx.yyyyyyy.zzzzzz\n    \n",
      "type": "apiKey",
      "name": "Authorization",
      "in": "header"
    }

Shouldn't it be of "type": "http", "scheme": "bearer", "bearerFormat": "JWT"?

geromegrignon commented 2 years ago

Right, the expected format in the securitySchemes: section of the API documentation should be:

BearerAuth: 
      type: http
      scheme: bearer
      bearerFormat: JWT 

Changes would have to be made in the v2 branch as Token is still used as a solution.
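
Declaring the scheme as `http`/`bearer` tells clients and generated tooling to send `Authorization: Bearer <jwt>`, so a server that still expects the `Token` prefix has to accept both while clients move over. The sketch below is an added example, not part of the thread and not RealWorld project code; the names `parseAuthorization`, `wwwAuthenticate` and `allowLegacyToken` are hypothetical, and it assumes the legacy header value has the form `Token <jwt>`.

```javascript
// Added example (not RealWorld project code): server-side parsing of the
// Authorization header while migrating from "Token <jwt>" to "Bearer <jwt>".
// Assumption: the legacy header value has the form "Token <jwt>".

// Shape check only: three non-empty base64url segments. The signature and
// claims must still be verified by a JWT library before trusting the token.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

function parseAuthorization(headerValue, { allowLegacyToken = true } = {}) {
  if (typeof headerValue !== "string" || headerValue.trim() === "") {
    return { ok: false, reason: "missing" };
  }
  // Exactly one scheme and one credential; anything else is rejected.
  const parts = headerValue.trim().split(/\s+/);
  if (parts.length !== 2) return { ok: false, reason: "malformed" };
  const scheme = parts[0].toLowerCase(); // scheme names are case-insensitive
  const isBearer = scheme === "bearer";
  const isLegacy = scheme === "token" && allowLegacyToken;
  if (!isBearer && !isLegacy) return { ok: false, reason: "unsupported-scheme" };
  if (!JWT_SHAPE.test(parts[1])) return { ok: false, reason: "not-a-jwt" };
  return { ok: true, scheme, legacy: isLegacy, token: parts[1] };
}

// Value for the WWW-Authenticate header on a 401, following RFC 6750.
function wwwAuthenticate(result) {
  if (result.ok) return null;
  if (result.reason === "malformed") return 'Bearer error="invalid_request"';
  if (result.reason === "not-a-jwt") return 'Bearer error="invalid_token"';
  return "Bearer"; // missing or unsupported scheme: challenge without error code
}

// Constructed sample headers; the token is the placeholder from the spec text.
const samples = [
  "Bearer xxxxxx.yyyyyyy.zzzzzz",
  "Token xxxxxx.yyyyyyy.zzzzzz",
  "Bearer not-a-jwt",
  "Bearer",
];
for (const header of samples) {
  const result = parseAuthorization(header);
  console.log(JSON.stringify(header), "->", result.ok ? result.scheme : result.reason);
}
```

Setting `allowLegacyToken` to `false` once clients have moved ends the migration window, and the `legacy` flag can be logged in the meantime to see which clients still send the old prefix.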

himanshu-sharmav commented 8 months ago

Hello @geromegrignon, I want to contribute to this; please assign me this.

sooryadev007 commented 3 weeks ago

Hey @geromegrignon, is the issue still open for contribution? I would like to make one.