Open solidfish opened 10 years ago
ryankennedy
commented
10 years ago I don't think it should actually be ignored. If you ignore it then you can't indicate whether or not the resource is protected or not. I've been wanting to find a good way to pass to the doclet what form of authentication is being used (basic, digest, OAuth, etc) but haven't had the time to do so.
solidfish
commented
10 years ago Yes, that would be nice too. I was only thinking about my current usage with BasicAuth, where I am fine with the indication offered by the browser when it prompts for credentials... I'd just like the @Auth parameter not to show up as a body parameter. Admittedly that wouldn't work at all for other auth methods - wouldn't even work too well with @Auth(required=false) for that matter. I suppose Swagger has some amount of flexibility in terms of handling authentication? I see you can provide an api key, not sure how that's used. On the doclet side I would think that to do this properly you'd just need to defer to whatever framework is providing the authentication. That or a simpler but redundant annotation-based implementation I suppose.
ilesm
commented
9 years ago I find this annoying too and I don't know how to fix it. All of my resources that take @Auth have an additional body field in Swagger UI. It seems to me like @ApiParam should have a boolean hidden() default false method, but it doesn't.
tomaytotomato
commented
6 years ago Yea I agree this is very annoying especially when dealing with JSON Web token authentication.
Here's a screenshot:
In dropwizard, the authenticated principal is passed to a resource method as a parameter annotated with @Auth, which should be ignored for documentation purposes. I am not yet sure how this could/should be done in a general manner by the doclet, but it would be nice.