marcgibbons
commented
8 years ago @excieve Well that was embarrassing, lib was in my gitignore file. Pushed 2.0.1. Should be fixed!
Closed excieve closed 8 years ago
marcgibbons
commented
8 years ago @excieve Well that was embarrassing, lib was in my gitignore file. Pushed 2.0.1. Should be fixed!
excieve
commented
8 years ago @marcgibbons It works now, thanks for a quick response! Except API itself looks very incomplete now... but I suppose that's not in DRS' domain anymore.
marcgibbons
commented
8 years ago @excieve Thank YOU for flagging this!
Correct. This is being pushed up to to CoreAPI and Django REST which doesn't have all the features previously available in DRS, but this is actively being developed. I'll be working towards allowing overrides and additional configuration in this project (i.e. Swagger specific settings) which may not be part of the CoreAPI specification.
Would be good to start a whishlist :)
excieve
commented
8 years ago Well, the biggest issue so far is missing resources, which have IsAuthenticated permission class (default in my case). Then docstrings don't seem to make their way into the descriptions. Also I know YAML config in the docstrings is deprecated but I've been using this a lot to specify special cases like params not in serializer, response messages, omit serializers in some custom view set views, omit parameters when serializer is only used for response, etc. There should be some way to configure all this IMO.
excieve
commented
8 years ago API resources that require authentication only display if I put the session auth class into the DRF configs and authenticate my user. But this doesn't really make sense since I want the whole API documentation to be available regardless of whether it needs auth when used or not. Also I'm using JWT auth exclusively for the API and don't really want session auth to be available for it.
marcgibbons
commented
8 years ago Great feedback. The authentication issue should be solvable in the current version.
I want the whole API documentation to be available regardless of whether it needs auth
This can be achieved by omitting the request context from the schema generator.
@api_view()
@renderer_classes([renderers.CoreJSONRenderer])
def schema_view(request):
return generator.get_schema()I'm using JWT auth exclusively for the API and don't really want session auth to be available for it
Great! Although JWT is not supported by Swagger, if you have a token, or some other payload you can configure the authorization to accept your token.
You should be able to do all this by customizing SWAGGER_SETTINGS.
SWAGGER_SETTINGS = {
'USE_SESSION_AUTH': False,
'SECURITY_DEFINITIONS': {
'jwt': {
'type': 'apiKey',
'name': 'Authorization',
'in': 'header'
}
}
}(The security definition comes from the Swagger/OpenAPI 2.0 specification)
For docstrings / description, I'd expect this to be coming from Django REST Framework soon.
Hope this helps!
excieve
commented
8 years ago This can be achieved by omitting the request context from the schema generator.
Thanks for this! Would be great to document it in DRS. Speaking of which, I think the example in the quick start doesn't really work (at least it didn't for me, while the one in example app works).
Although JWT is not supported by Swagger, if you have a token, or some other payload you can configure the authorization to accept your token.
Yes, I'm aware of this and using in 0.3. It was just in the context of auth-requiring resources not being rendered.
marcgibbons
commented
8 years ago You are 100% correct. I will update the docs - I think this needs to be updated in DRF as well.
seclace
commented
7 years ago Hi all! I add JWT authorization in swagger, but how can I save this when reloading the page? I beleive there is some approach to make it may be with overriding template, but how can I override it?
Just upgraded to DRF 3.4.0 and DRS 2.0.0, after reconfiguring according to the example app the Swagger UI shows the header and an empty page. Lots of 404s in the network log and indeed the base template seems to load many JS files that don't exist anymore.