poem-web / poem

A full-featured and easy-to-use web framework with the Rust programming language.
Apache License 2.0

Swagger UI doesn't send cookie to backend #447

Open chikko80 opened 1 year ago

chikko80 commented 1 year ago

I've defined a security schema that extracts a refresh token from the cookie.

#[derive(SecurityScheme)]
#[oai(
    type = "api_key",
    key_name = "refresh_token",
    in = "cookie",
    checker = "valid_refresh_token"
)]
pub struct UserWithValidRefreshToken(User);

The cookie is present in the browser and the request runs fine if you do the curl request and append the cookie value manually. However, if I try to trigger the endpoint via the SwaggerUI, the backend doesn't receive any cookie. What am I missing here?

TheCataliasTNT2k commented 1 year ago

Important to be fixed... https://swagger.io/docs/specification/authentication/cookie-authentication/

TheCataliasTNT2k commented 1 year ago

It does not, because this is not really possible. See link above:

Note for Swagger UI and Swagger Editor users: Cookie authentication is currently not supported for "try it out" requests due to browser security restrictions. See this issue for more information. SwaggerHub does not have this limitation.

You can use Postman, Insomnia and all of these instead.
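Added illustration, not part of the thread and not Swagger UI or poem code: the browser restriction referred to above is that `Cookie` is a forbidden request-header name in the Fetch standard, so script running in a page cannot set it. The simplified model below shows what that means for the three `apiKey` locations; the function names, the token value and the URL are constructed for the example.

```javascript
// Simplified model of browser header filtering (assumption: names only; the
// Fetch standard also forbids some method-override headers depending on value).
const FORBIDDEN = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin", "referer",
  "set-cookie", "te", "trailer", "transfer-encoding", "upgrade", "via",
]);

function isForbidden(name) {
  const n = name.toLowerCase();
  return FORBIDDEN.has(n) || n.startsWith("proxy-") || n.startsWith("sec-");
}

// What an OpenAPI client has to put on the request for an apiKey scheme.
// The URL is a placeholder, not a real endpoint.
function applyApiKey(scheme, value, url = "https://api.example.test/refresh") {
  const req = { url: new URL(url), headers: {} };
  if (scheme.in === "header") req.headers[scheme.name] = value;
  else if (scheme.in === "query") req.url.searchParams.set(scheme.name, value);
  else if (scheme.in === "cookie") req.headers["Cookie"] = `${scheme.name}=${value}`;
  else throw new Error(`unsupported apiKey location: ${scheme.in}`);
  return req;
}

// What leaves the browser: forbidden headers set by script are silently dropped.
function asSentByBrowser(req) {
  const headers = {};
  const dropped = [];
  for (const [name, value] of Object.entries(req.headers)) {
    if (isForbidden(name)) dropped.push(name);
    else headers[name] = value;
  }
  return { url: req.url.toString(), headers, dropped };
}

// True if the credential is still on the request that reaches the server.
function credentialArrives(scheme, value) {
  const sent = asSentByBrowser(applyApiKey(scheme, value));
  return sent.url.includes(value) ||
    Object.values(sent.headers).some((v) => v.includes(value));
}

const cookieScheme = { type: "apiKey", in: "cookie", name: "refresh_token" };
console.log(credentialArrives(cookieScheme, "constructed-token"));
console.log(asSentByBrowser(applyApiKey(cookieScheme, "constructed-token")).dropped);
```

Cookies already stored in the browser are attached by the browser itself, depending on the request's credentials mode and the cookie's attributes, not by the value typed into an authorize dialog.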

chikko80 commented 1 year ago

@TheCataliasTNT2k

Mhm, do you think we should close this?

TheCataliasTNT2k commented 1 year ago

No. This cannot "repair" the functionality within the browser right now, but the feature is still missing in poem. There is a possibility to add it to swagger, so it should be done. When it works within the browser, this feature will be helpful, but for documentary reasons it is definitely a good idea to implement it even before that.