apiKey pairs not represented well in UI

swagger-api / swagger-ui

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.

https://swagger.io

Apache License 2.0

26.32k stars 8.92k forks source link

apiKey pairs not represented well in UI #3521

Open daniel-sullivan opened 7 years ago

daniel-sullivan commented 7 years ago

When using apiKey pairs as per: https://swagger.io/docs/specification/authentication/api-keys/

Or in the case of my config below, the Swagger UI still continues to show the two keys as seperate authorizable entries rather than an AND case as they should be handled.

"securityDefinitions": {
    "username": {
      "type": "apiKey",
      "name": "X-Username",
      "in": "header"
    },
    "key": {
      "type": "apiKey",
      "name": "X-ApiKey",
      "in": "header"
    }
  },
  "security": [
    {
      "username": [

      ],
      "key": [

      ]
    }
  ]

Experiencing this with the latest version as of posting.

vivek201 commented 6 years ago

@shockey Any progress or info on this issue?

fschaeffler commented 6 years ago

@webron @hkosova as this issue is already over a year old, I assume you're not going to tackle it all, right?

shockey commented 6 years ago

@fschaeffler, it's still open, so it's still an issue 😄 if it's a priority for you, we'd welcome a pull request that fixes it!

christophe-riolo commented 4 years ago

I'm interested in this issue as I've ran into the same. However as I looked into the code, it seems that the "Available authorizations" popup does not represent the app global security, but rather the securityDefinitions/securitySchemes. I am thus wondering; is this really an issue, or is the intet just badly communicated ?

woostundy commented 4 years ago

@shockey I think it's a flaw of OpenAPI Specification.

kernellpanic commented 3 years ago

This is not fixed.... #4545 and #6155 are closed... The UI still shows A or B the same way A and B

security:    # A OR B
  - A
  - B

security:    # A AND B
  - A
    B

Tested with swagger-ui-3.36.0.zip

Kilipurt commented 3 years ago

Any updates?

jeen-github commented 3 years ago

facing the same issue? Any updates ?

ponelat commented 3 years ago

No updates as of yet. Anyone keen on putting a sketch together of what this would look like in the UI? Else can wait for the next major grooming on security/auth related issues.

braindeaf commented 2 years ago

Has anyone experienced that you can't Try It Out if your authentication keys are paired up as well? ie. in my case The headers are never sent.

hkosova commented 2 years ago

@braindeaf make sure you have security requirements defined for operations or on the root level, e.g.:

security:
  - apiKey1: []
    apiKey2: []

If this doesn't help, open a new issue.

braindeaf commented 2 years ago

Opening a ticket @hkosova. Thank you :)

davidivkovic commented 2 years ago

Any updates?

ChR-iSz commented 1 year ago

Any updates ?

Freedom101 commented 1 year ago

Any updates?

vizardkill commented 1 year ago

Any updates?

BiometricMA commented 1 year ago

I too would look forward to this improvement.

latheesan-k commented 1 year ago

I am also running into the same issue, any update on this? https://stackoverflow.com/questions/75786379/laravel-swagger-l5-swagger-multiple-apikey-in-header-securityscheme

vizardkill commented 1 year ago

Any updates?

leo-arguello-ueno commented 5 months ago

Any updates?

HudsonAfonso commented 3 weeks ago

@hkosova news?

bsgreenb commented 2 weeks ago

@shockey I think it's a flaw of OpenAPI Specification.

That's funny, because on the OpenAPI ticket for this, they blame Swagger-UI.

If the current api version only offers this way to specify mulit-key schemes, this should be handled logically by swagger ui if/until they improve OpenApi spec.

Swagger UI should handle this really common case