Open yourbuddyconner opened 1 year ago
Thank you very much I was searching for it the whole day!
docs.spec.options["security"] = [{"Bearer": []}]
applies security to the entire specification, if you want to apply it individually it should be added to endpoints where needed with the @doc decorator, example:
@app.route("/protected")
@doc(description="secure endpoint", security=[{"Bearer": []}])
@jwt_required()
def protected():
pass
Less of an issue, more of a resource for people looking to do this because the docs don't clearly specify it.
I am using a chain of flask plugins and it wasn't clear at which level to do it.
Using:
flask-httpauth implements a HTTPTokenAuth scheme, which based on my read of the code, enforces a
Bearer
prefix to an authorization header (as it should).Problems:
Here's some code for how I was able to activate the authorization button in the swagger UI:
The apispec docs include mention of adding security schemes, but neglect to mention that you need to add a top-level reference to it in options if you want the UI to enforce auth, which I have added here.
Note: you must manually prefix your API token with
Bearer
likeBearer <token>
in the swagger UI as I wasn't able to identify how to get it to do it automagically.