Closed wraycode closed 6 years ago
You can do that under nelmio_api_doc: documentation:
, an example:
nelmio_api_doc:
documentation:
security_definitions:
api_key:
type: apiKey
name: api_key
in: header
security:
api_key: []
The best is to look at http://swagger.io/specification/ to know the fields available.
I need to write securityDefinitions
like in spec.
Also, lock icon is missing, Authorization popup seems broken: no cross to close it.
How can I mark an action as using authorization/security?
I use voters, so I can't use @Security
annotation :/
Is JWT supported by swagger ? https://github.com/swagger-api/swagger-ui/issues/3387 https://github.com/zircote/swagger-php/issues/366
you can pass a token in as a header parameter
@SWG\Parameter( name="Authorization", in="header", required=true, type="string", default="Bearer TOKEN", description="Authorization" )
I have tried following and so many other solutions, but it is failing to pick up any security settings. I have even installed dev-master
, but no hope.
nelmio_api_doc:
documentation:
security_definitions:
api_key:
type: apiKey
name: api_key
in: header
security:
api_key: []
Only this solution works, but its not proper solution to put in all the api calls..
@SWG\Parameter( name="Authorization", in="header", required=true, type="string", default="Bearer TOKEN", description="Authorization" )
@iBasit, is your custom config well exposed? (you can check by looking at the sources of the doc page)
If it is, then that's probably an issue in swagger-ui.
Yes, it is exposed, because configuration info for title, version, and description is working fine, but not the security.
The security
field support is quite new so it might not be exposed while the rest is.
You need to change from security_definitions
to securityDefinitions
@Alex-D — Thank you, it start showing "Authorize button" after clicking it shows following:
After pressing it shows
But after testing the API call, it does not show api_key in the header definition.
Following is the config I have set it up.
documentation:
securityDefinitions:
api_key:
type: apiKey
name: api_key
in: header
security:
api_key: [session]
Do you know what I'm missing now or what I'm doing wrong now?
I think it's a nelmio-api-doc/swagger-ui issue because it does not works for me too.
@iBasit are you still using it under security
?
Also aren't you suppose to define scheme: Bearer
?
@iBasit You have to define the security node as following (note the dash before api_key):
security:
- api_key: []
It is because the JavaScript behind expects an array.
However, it remains a problem with the swagger-ui bundle who seems to transform the header name in lower case.. So you get your "Authorization" header as "authorization" which is quite annoying. (see screenshot below)
@noglitchyo Can you paste your full configuration settings here. I see you even got name working and bearer
. I'm so lucky, even now I cant manage to get it working lol.. So maybe after you share your configuration, maybe that will help.
@GuilhemN I did try scheme: Bearer
but it didn't work for me, it was actually throwing an error.
@iBasit To get the Bearer I put it directly in the api input with my token This is my full configuration settings:
nelmio_api_doc:
models: { use_jms: false }
routes:
path_patterns:
- ^/api/[^doc]
documentation:
info:
title: My API
description: Amazing right?
version: '0.1'
securityDefinitions:
api_key:
type: apiKey
description: Your Json Web Token
name: authorization
in: header
security:
- api_key: []
Edit: I have seen your deleted answer in my emails (no luck! ^^'), so do not forget to remove the "session" between brackets for api_key :) Yes the authorization header is present on your screenshot and contains "session"
finally working now!.
I hope they fix few stuff, we have OAuth, so will implement those settings too, later on, see if that works.
@noglitchyo Can use tell me how you configured a ControllerRoute, where you reused your defined Bearer-Authorization?
@Alex-D is it mie or is the Close-Button still missing for the Authorization-Overlay
Yep, you need to add that: https://github.com/Collect-io/Collect.io/blob/develop/back/app/Resources/NelmioApiDocBundle/views/SwaggerUi/index.html.twig#L101
I'm sure it could be done here: https://github.com/nelmio/NelmioApiDocBundle/blob/master/Resources/views/SwaggerUi/index.html.twig
But I did not have time to make a PR for the moment.
Thanks @Alex-D. @noglitchyo: i got it working with your config.
What about impliment Bearer Authentication It should be like basic https://swagger.io/docs/specification/authentication/bearer-authentication/
Thank you in advance.
You point the OpenAPI 3.0.0, we are in Swagger 2.0.0 here I guess.
Would anyone be interested in writing an article in our docs to help others deal with this ? :)
I am interested in doing this. But i could start at earliest in february
I don't think that's a problem, it would be very nice of you :)
Since i still have some questions about this, i would like to talk to you about this upfront in february, okay?
2018-01-10 14:52 GMT+01:00 Guilhem N notifications@github.com:
I don't think that's a problem, it would be very nice of you :)
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/nelmio/NelmioApiDocBundle/issues/1029#issuecomment-356608015, or mute the thread https://github.com/notifications/unsubscribe-auth/AECBhkHkrtQuijD4OKnveURr0z2j-BDgks5tJMCtgaJpZM4OHQYI .
Well i'm not sure I'm the best placed to answer your questions about auth but I can do my best to of course.
In case you're interested, i managed to configure oAuth with both password and client_credentials flow with this configuration:
nelmio_api_doc:
documentation:
securityDefinitions:
password:
type: oauth2
description: provides a password flow access_token
flow: password
tokenUrl: /oauth/v2/token
name: Authorization
client_credentials:
type: oauth2
description: provides a client_credentials flow access_token
flow: application
tokenUrl: /oauth/v2/token
name: Authorization
security:
- password: []
- client_credentials: []
I still get the lower case 'bearer' keyword in the Authorization header making all of the calls fail. As I've got to understand this problems comes out of FOSOAuthServerBundle, as this issue points out: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/issues/180
The solution for the ones here working with both bundles, would be to add this to the fosoauth config:
fos_oauth_server:
service:
options:
token_type: Bearer
Any update about doc or some help? on version 2.x my config was:
nelmio_api_doc:
name: API Documentation
motd:
template: 'api_motd.html.twig'
sandbox:
authentication:
delivery: http
type: bearer
body_format:
default_format: json
request_format:
formats:
json: application/json
method: accept_header
when I enter api key: in header was: Authorization: Bearer ey.......XvG0Gsc
Can someone provide config, doc or etc for version 3.0?
Also in swagger-ui-bundle.js I find next code. As I understand it's means Bearer can be added in Authorization. But how it should be in config?
function i(e) {
var t = e.request, n = e.securities, r = void 0 === n ? {} : n, i = e.operation,
o = void 0 === i ? {} : i, a = e.spec, s = (0, f.default)({}, t), u = r.authorized,
l = void 0 === u ? {} : u, p = o.security || a.security || [], h = l && !!(0, c.default)(l).length,
m = (0, d.default)(a, ["components", "securitySchemes"]) || {};
return s.headers = s.headers || {}, s.query = s.query || {}, (0, c.default)(r).length && h && p && (!Array.isArray(o.security) || o.security.length) ? (p.forEach(function (e, t) {
for (var n in e) {
var r = l[n], i = m[n];
if (r) {
var o = r.value || r, a = i.type;
if (r)
if ("apiKey" === a) "query" === i.in && (s.query[i.name] = o),
"header" === i.in && (s.headers[i.name] = o),
"cookie" === i.in && (s.cookies[i.name] = o);
else if ("http" === a) {
if ("basic" === i.scheme) {
var u = o.username, c = o.password, p = (0, v.default)(u + ":" + c);
s.headers.Authorization = "Basic " + p
}
"bearer" === i.scheme && (s.headers.Authorization = "Bearer " + o)
}
else if ("oauth2" === a) {
var f = r.token || {}, h = f.access_token, d = f.token_type;
d && "bearer" !== d.toLowerCase() || (d = "Bearer"), s.headers.Authorization = d + " " + h
}
}
}
}), s) : t
}
documentation added in #1265
I want to use api key or jwt in later, but for now I just want /api/doc to use
I tried to run ./bin/console debug:config NelmioApiDocBundle
But all it lists is the basic config, where are the rest of the options?