Closed wraycode closed 6 years ago
GuilhemN
commented
7 years ago You can do that under nelmio_api_doc: documentation:, an example:
nelmio_api_doc:
documentation:
security_definitions:
api_key:
type: apiKey
name: api_key
in: header
security:
api_key: []The best is to look at http://swagger.io/specification/ to know the fields available.
Alex-D
commented
7 years ago I need to write securityDefinitions like in spec.
Also, lock icon is missing, Authorization popup seems broken: no cross to close it.
How can I mark an action as using authorization/security?
I use voters, so I can't use @Security annotation :/
davidbonachera
commented
7 years ago Is JWT supported by swagger ? https://github.com/swagger-api/swagger-ui/issues/3387 https://github.com/zircote/swagger-php/issues/366
wraycode
commented
7 years ago you can pass a token in as a header parameter
@SWG\Parameter( name="Authorization", in="header", required=true, type="string", default="Bearer TOKEN", description="Authorization" )
iBasit
commented
7 years ago I have tried following and so many other solutions, but it is failing to pick up any security settings. I have even installed dev-master, but no hope.
nelmio_api_doc:
documentation:
security_definitions:
api_key:
type: apiKey
name: api_key
in: header
security:
api_key: []Only this solution works, but its not proper solution to put in all the api calls..
@SWG\Parameter( name="Authorization", in="header", required=true, type="string", default="Bearer TOKEN", description="Authorization" )
GuilhemN
commented
7 years ago @iBasit, is your custom config well exposed? (you can check by looking at the sources of the doc page)
If it is, then that's probably an issue in swagger-ui.
iBasit
commented
7 years ago Yes, it is exposed, because configuration info for title, version, and description is working fine, but not the security.
GuilhemN
commented
7 years ago The security field support is quite new so it might not be exposed while the rest is.
Alex-D
commented
7 years ago You need to change from security_definitions to securityDefinitions
iBasit
commented
7 years ago @Alex-D — Thank you, it start showing "Authorize button" after clicking it shows following:
After pressing it shows
But after testing the API call, it does not show api_key in the header definition.
Following is the config I have set it up.
documentation:
securityDefinitions:
api_key:
type: apiKey
name: api_key
in: header
security:
api_key: [session] Do you know what I'm missing now or what I'm doing wrong now?
Alex-D
commented
7 years ago I think it's a nelmio-api-doc/swagger-ui issue because it does not works for me too.
GuilhemN
commented
7 years ago @iBasit are you still using it under security?
Also aren't you suppose to define scheme: Bearer?
noglitchyo
commented
7 years ago @iBasit You have to define the security node as following (note the dash before api_key):
security:
- api_key: []It is because the JavaScript behind expects an array.
However, it remains a problem with the swagger-ui bundle who seems to transform the header name in lower case.. So you get your "Authorization" header as "authorization" which is quite annoying. (see screenshot below)
iBasit
commented
7 years ago @noglitchyo Can you paste your full configuration settings here. I see you even got name working and bearer. I'm so lucky, even now I cant manage to get it working lol.. So maybe after you share your configuration, maybe that will help.
@GuilhemN I did try scheme: Bearer but it didn't work for me, it was actually throwing an error.
noglitchyo
commented
7 years ago @iBasit To get the Bearer I put it directly in the api input with my token This is my full configuration settings:
nelmio_api_doc:
models: { use_jms: false }
routes:
path_patterns:
- ^/api/[^doc]
documentation:
info:
title: My API
description: Amazing right?
version: '0.1'
securityDefinitions:
api_key:
type: apiKey
description: Your Json Web Token
name: authorization
in: header
security:
- api_key: []Edit: I have seen your deleted answer in my emails (no luck! ^^'), so do not forget to remove the "session" between brackets for api_key :) Yes the authorization header is present on your screenshot and contains "session"
iBasit
commented
7 years ago finally working now!.
I hope they fix few stuff, we have OAuth, so will implement those settings too, later on, see if that works.
chucky2305
commented
7 years ago @noglitchyo Can use tell me how you configured a ControllerRoute, where you reused your defined Bearer-Authorization?
chucky2305
commented
7 years ago @Alex-D is it mie or is the Close-Button still missing for the Authorization-Overlay
Alex-D
commented
7 years ago Yep, you need to add that: https://github.com/Collect-io/Collect.io/blob/develop/back/app/Resources/NelmioApiDocBundle/views/SwaggerUi/index.html.twig#L101
I'm sure it could be done here: https://github.com/nelmio/NelmioApiDocBundle/blob/master/Resources/views/SwaggerUi/index.html.twig
But I did not have time to make a PR for the moment.
chucky2305
commented
7 years ago Thanks @Alex-D. @noglitchyo: i got it working with your config.
koftikes
commented
7 years ago What about impliment Bearer Authentication It should be like basic https://swagger.io/docs/specification/authentication/bearer-authentication/
Thank you in advance.
Alex-D
commented
7 years ago You point the OpenAPI 3.0.0, we are in Swagger 2.0.0 here I guess.
GuilhemN
commented
6 years ago Would anyone be interested in writing an article in our docs to help others deal with this ? :)
chucky2305
commented
6 years ago I am interested in doing this. But i could start at earliest in february
GuilhemN
commented
6 years ago I don't think that's a problem, it would be very nice of you :)
chucky2305
commented
6 years ago Since i still have some questions about this, i would like to talk to you about this upfront in february, okay?
2018-01-10 14:52 GMT+01:00 Guilhem N notifications@github.com:
I don't think that's a problem, it would be very nice of you :)
— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/nelmio/NelmioApiDocBundle/issues/1029#issuecomment-356608015, or mute the thread https://github.com/notifications/unsubscribe-auth/AECBhkHkrtQuijD4OKnveURr0z2j-BDgks5tJMCtgaJpZM4OHQYI .
GuilhemN
commented
6 years ago Well i'm not sure I'm the best placed to answer your questions about auth but I can do my best to of course.
noquepoaqui
commented
6 years ago In case you're interested, i managed to configure oAuth with both password and client_credentials flow with this configuration:
nelmio_api_doc:
documentation:
securityDefinitions:
password:
type: oauth2
description: provides a password flow access_token
flow: password
tokenUrl: /oauth/v2/token
name: Authorization
client_credentials:
type: oauth2
description: provides a client_credentials flow access_token
flow: application
tokenUrl: /oauth/v2/token
name: Authorization
security:
- password: []
- client_credentials: []I still get the lower case 'bearer' keyword in the Authorization header making all of the calls fail. As I've got to understand this problems comes out of FOSOAuthServerBundle, as this issue points out: https://github.com/FriendsOfSymfony/FOSOAuthServerBundle/issues/180
The solution for the ones here working with both bundles, would be to add this to the fosoauth config:
fos_oauth_server:
service:
options:
token_type: BearerAny update about doc or some help? on version 2.x my config was:
nelmio_api_doc:
name: API Documentation
motd:
template: 'api_motd.html.twig'
sandbox:
authentication:
delivery: http
type: bearer
body_format:
default_format: json
request_format:
formats:
json: application/json
method: accept_header
when I enter api key: in header was: Authorization: Bearer ey.......XvG0Gsc
Can someone provide config, doc or etc for version 3.0?
koftikes
commented
6 years ago Also in swagger-ui-bundle.js I find next code. As I understand it's means Bearer can be added in Authorization. But how it should be in config?
function i(e) {
var t = e.request, n = e.securities, r = void 0 === n ? {} : n, i = e.operation,
o = void 0 === i ? {} : i, a = e.spec, s = (0, f.default)({}, t), u = r.authorized,
l = void 0 === u ? {} : u, p = o.security || a.security || [], h = l && !!(0, c.default)(l).length,
m = (0, d.default)(a, ["components", "securitySchemes"]) || {};
return s.headers = s.headers || {}, s.query = s.query || {}, (0, c.default)(r).length && h && p && (!Array.isArray(o.security) || o.security.length) ? (p.forEach(function (e, t) {
for (var n in e) {
var r = l[n], i = m[n];
if (r) {
var o = r.value || r, a = i.type;
if (r)
if ("apiKey" === a) "query" === i.in && (s.query[i.name] = o),
"header" === i.in && (s.headers[i.name] = o),
"cookie" === i.in && (s.cookies[i.name] = o);
else if ("http" === a) {
if ("basic" === i.scheme) {
var u = o.username, c = o.password, p = (0, v.default)(u + ":" + c);
s.headers.Authorization = "Basic " + p
}
"bearer" === i.scheme && (s.headers.Authorization = "Bearer " + o)
}
else if ("oauth2" === a) {
var f = r.token || {}, h = f.access_token, d = f.token_type;
d && "bearer" !== d.toLowerCase() || (d = "Bearer"), s.headers.Authorization = d + " " + h
}
}
}
}), s) : t
}
dbu
commented
6 years ago documentation added in #1265
I want to use api key or jwt in later, but for now I just want /api/doc to use
I tried to run ./bin/console debug:config NelmioApiDocBundle
But all it lists is the basic config, where are the rest of the options?