Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Authorization input

See original GitHub issue

I realise that this might not be specifically related to feathers-swagger. But we should be able to figure this out together, and add it to this repos installation instructions

Expected behavior

Input field in header that allows the user to add a token to be included with every request.

Actual behavior

No token gets added to requests

What I have done

Installed current feathers-cli
generated new app
added featers-swagger as stated in readme customized docs.html to add a input#input_apiKey field to the header

app.js:

const swagger = require('feathers-swagger');
...
app.use(compress())
  .options('*', cors(corsOptions))
  .use(cors(corsOptions))
  .use(favicon( path.join(app.get('public'), 'favicon.ico') ))
  .use('/', serveStatic( app.get('public') ))
  .use(bodyParser.json())
  .use(bodyParser.urlencoded({ extended: true }))
  .configure(hooks())
  .configure(swagger({
    docsPath: '/docs',
    uiIndex: path.join(__dirname, '../docs/docs.html'),
    info: {
      title: 'Feathers app API server',
      description: 'This server allows... '
    }
  }))
  .configure(rest())
  .configure(socketio())
  .configure(services)
  .configure(middleware);
...

services/user/index.js:

module.exports = function() {
  const app = this;

  const options = {
    Model: user,
    paginate: {
      default: 5,
      max: 25
    }
  };

  const Service = service(options);

  Service.docs = {
    description: 'A service to manage users',
    definitions: {
      users: {
        "type": "object",
        "required": [
          "email",
          "password"
        ],
        "properties": {
          "email": {
            "type": "string",
            "description": "User email"
          },
          "password": {
            "type": "string",
            "description": "User Password"
          },
          "createdAt": {
            "type": "string",
            "description": "object creation date"
          },
          "updatedAt": {
            "type": "string",
            "description": "Last time the object was updated"
          }
        }
      }
    }
  };

  // Initialize our service with any options it requires
  app.use('/users', Service);

  // Get our initialize service to that we can bind hooks
  const userService = app.service('/users');

  // Set up our before hooks
  userService.before(hooks.before);

  // Set up our after hooks
  userService.after(hooks.after);
};

Oher notes

window.ApiKeyAuthorization is deprecated. we should use SwaggerClient.ApiKeyAuthorizationinstead window.authorizations is deprecated. We should use SwaggerUi.api.clientAuthorizations.add()instead.

Issue Analytics

State:
Created 7 years ago
Comments:9 (3 by maintainers)

Top GitHub Comments

2reactions

ivanmarjanoviccommented, Jul 10, 2018

If anyone is interested I did manage to solve this issue, by forking the repo and fixing the issue.

https://github.com/ivanmarjanovic/feathers-swagger

Swager Specification is now inline with 2.0 version documentation

https://swagger.io/docs/specification/2-0/authentication/

Correct usage on a global level is:

security: [
    {
     APIKeyHeader: []
    }
  ],
securityDefinitions: {
    APIKeyHeader: {
      type: 'apiKey',
      name: 'Authorization',
      in: 'header'
    }
 }

Also for every service you want to protect you need to add additionl parameter that states which methods are protected.

securities: ['find', 'create', 'get', 'update', 'patch', 'remove'],

Works with Swagger UI/Editor default implementation.

1reaction

ivanmarjanoviccommented, Oct 2, 2018

Hi @gabrielperales, I did, since version 0.7.2 it should be in main repo. I didn’t had time check but it should work. Also I have one more fix that i have found in mean time and i am thinking to extend functionality with option to ignore specific methods of service from swagger (in case that e.g. update and patch are not used on service). Not sure that such PR will be accepted “as is”.

Top Results From Across the Web

Authorization - HTTP - MDN Web Docs - Mozilla

The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a ......

Authorization Input | Connect REST API Developer Guide

Name Type Required or Optional Available Version accountId String Required 49.0 amount Double Required 49.0 comments String Optional 49.0

Input authorisation input authorization verifies that - Course Hero

Input authorisationInput authorizationverifies that all transactions have been authorised and approved bymanagement. Authorisation of input helps ensure ...

OAuth 2.0 for TV and Limited-Input Device Applications

This document explains how to implement OAuth 2.0 authorization to access Google APIs via applications running on devices like TVs, game ...

Creating a custom authorization form - IBM

You can create a custom authorization form for the OAuth authorization stage.