swagger-api / swagger-ui

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
https://swagger.io
Apache License 2.0

Multiple authentication not honored on initial schema request #10129

Open stefanofusai opened 2 months ago

stefanofusai commented 2 months ago

Dear Swagger team, thanks for your work!

I'm unfortunately experiencing a UX-breaking issue for my product. My need is to allow multiple authentication types, as described here:

The issue I have is that when inputting both values in the Available authorization form:

Only the jwtAuth header (Authentication) is passed to the schema request that gets sent after I click Authorize, resulting in a schema with no endpoints (as the X-API-Key header is not being passed).

The behavior I'm looking for instead is for both headers to be sent to the schema if both are input in the Available authorizations form. The weird thing is that if I try out the endpoints, I can see both headers being sent!

My OpenAPI version is 3.0.3. My components section looks like this:

"components": {
    "securitySchemes": {
        "ApiKeyAuth": {
            "type": "apiKey",
            "in": "header",
            "name": "X-API-Key"
        },
        "jwtAuth": {
            "type": "http",
            "scheme": "bearer",
            "bearerFormat": "JWT"
        }
    }
}

And this is what the security section of my endpoints looks like:

"security": [
    {
        "ApiKeyAuth": []
    },
    {
        "ApiKeyAuth": [],
        "jwtAuth": []
    }
]

Thank you for the help!
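
An added example, not part of the original issue and not Swagger UI's own code: it evaluates the `security` array quoted above the way OpenAPI 3.0 defines it (alternatives between entries, all schemes required within an entry) and derives the headers a request should carry for a given set of entered credentials. The function names, the sample credential values and the choice to send the union of headers from every satisfied alternative are assumptions of this example.

```javascript
// Constructed from the components and security sections quoted in the issue.
const securitySchemes = {
  ApiKeyAuth: { type: "apiKey", in: "header", name: "X-API-Key" },
  jwtAuth: { type: "http", scheme: "bearer", bearerFormat: "JWT" },
};
const security = [{ ApiKeyAuth: [] }, { ApiKeyAuth: [], jwtAuth: [] }];

// Map one security scheme and the value entered for it to a [name, value] header pair.
function headerFor(scheme, value) {
  if (scheme.type === "apiKey" && scheme.in === "header") {
    return [scheme.name, value];
  }
  if (scheme.type === "http" && String(scheme.scheme).toLowerCase() === "bearer") {
    return ["Authorization", `Bearer ${value}`];
  }
  throw new Error(`scheme not handled in this example: ${JSON.stringify(scheme)}`);
}

// Entries of `security` are alternatives (OR); every scheme named inside
// one entry must be supplied for that entry to be satisfied (AND).
function satisfiedRequirements(requirements, supplied) {
  return requirements.filter((req) =>
    Object.keys(req).every((name) => Boolean(supplied[name]))
  );
}

// Assumption of this example: send the union of headers from every satisfied
// alternative. Returns null when no alternative is satisfied.
function expectedHeaders(requirements, schemes, supplied) {
  const satisfied = satisfiedRequirements(requirements, supplied);
  if (satisfied.length === 0) return null;
  const headers = {};
  for (const req of satisfied) {
    for (const name of Object.keys(req)) {
      if (!schemes[name]) throw new Error(`undefined security scheme: ${name}`);
      const [header, value] = headerFor(schemes[name], supplied[name]);
      headers[header] = value;
    }
  }
  return headers;
}

// Constructed sample credentials, not real secrets.
const both = expectedHeaders(security, securitySchemes, {
  ApiKeyAuth: "example-key",
  jwtAuth: "example.jwt.token",
});
console.log(both);
```

Comparing this expected header set with what the browser's network tab shows for the schema request and for a "Try it out" request makes the discrepancy reported above easy to confirm.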