search

mulesoft / api-console

An interactive REST console based on RAML/OAS files
Other
911 stars 236 forks source link

Console is showing empty drop down to select authorization method #491

Open nmarinel01 opened 7 years ago

nmarinel01 commented 7 years ago

Steps to reproduce: 1- Open console for the following RAML

#%RAML 1.0
baseUri: https://mocksvc.mulesoft.com/mocks/6d857d1b-1bea-4d7a-af88-dcd920181f01 # 
title:
securitySchemes: 
  jwt1:
    description: |
      Authorization with JWT Token passed as `authorization` header. See Headers section.
    type: Pass Through
    describedBy:
      responses:
        401:
          description: |
            Bad or expired token

            ```json

            {
              "message": "Bad or expired token"
            }

    403:
      description: |
        Access denied due to invalid access rights

        ```json

        {
          "message": "Access denied"
        }

        ```
      body:
        application/json:
          examples:
            access-denied:
              reason : 'bad token'
  headers:
    authorization:
      type: string
      description: |
          The base-64 encoded ....
      required : true
      example: eyJhbGciOiJTSEEtSGFtZHVsbGFoIn0=.eyJzdWIiOiI0MjUwMzM5Yy01YTZhLTQ5ZT gtOGJhOS1kOTdiNzIzZGRhMmEiLCJsb2NhbGUiOiJkZV9ERSIsIn JvbGVzIjpbIlJPTEVfVVNFUl9CQVNJQyJdfQ==.mumboJumbo

/jwt1: securedBy: jwt1 get: body: application/json: responses: 200: description: OK body: application/json: example: "success"


2. Enable mocking service
4. Navigato to /jwt1 resource get method, click on "Try it"
5. Select tab Authorization
6. Click on option arrow down to select

The drop down is shown empty, there is no way to enter authorization required so the send always fails
sichvoge commented 7 years ago

Is this in context with the API designer? The console does not have a mocking service perse :)

nmarinel01 commented 7 years ago

Hi @sichvoge ! you are right, just replace that step by adding a baseUri that points somewhere. The thing is that when you do Try It, authorization method dropdown is empty when it should have Pass Through value. Adding screenshot. image

jarrodek commented 7 years ago

Sorry for long wait list. Authorization is the next feature to correct in ARC and API Console. Since this is new feature in ARC this will wait until next release of ARC (which should be done in coming days). After that the plan is to support all security schemes.

jarrodek commented 7 years ago

Just to stress out my concerns. The API Console that makes a request in the browser environment won't use this information anyway. There's no way to set auth data for pass through or digest on a request object. Therefore event if the user fill in this form it won't be used. On the other hand, if the request is handled by hosting application or the proxy server then this information have to be passed to the proxy as it actually may make use of it. Because of that this 2 authorization methods must be supported in the console but it introduces usability issues when running in browser only environment (without proxies).

jarrodek commented 4 years ago

This goes into support for Pass Through roadmap item.