Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Swagger UI not working with Basic Authentication // Swagger UI outdated

See original GitHub issue

Hi!

Context

  • hapi version: 17.2.0
  • hapi-swagger version: 9.0.2
  • hapi-auth-basic version: 5.0.0

What are you trying to achieve or the steps to reproduce ?

I have my routes secured with HTTP Basic Authentication using hapi-auth-basic. This is working fine including securing the additional routes generated by hapi-swagger, e.g., /swagger.json, /documentation and static resources.

What I am missing is Swagger UI dealing properly with Basic Authentication.

This is a stripped-down version of my code…

const Hapi = require('hapi');
const HapiSwagger = require('hapi-swagger');
const HapiAuthBasic = require('hapi-auth-basic');

const server = new Hapi.Server({
  routes: { //  route options -> default configuration for every route
    auth: 'simple',
  },
  ...
});

const swagger = {
  plugin: HapiSwagger,
  options: {
    auth: 'simple',
    ...
    securityDefinitions: {
      simple: {
        type: 'basic',
      },
    },
    security: [{
      simple: [],
    }],
  },
};

const provision = async () => {
  try {
    // authentication
    await server.register({ plugin: HapiAuthBasic });
    server.auth.strategy('simple', 'basic', { validate });
    server.auth.default('simple');
    // other plugins
    await server.register([
      ...
      api,
      swagger,
      ...
    ]);
    await server.start();
  } catch (error) {
    console.error(error); // eslint-disable-line no-console
    process.exit(1);
  }
};

provision();

What result did you get?

The generated Swagger UI page (/documentation), however, ignores the security settings of the API and calls the API endpoints (Button “Try it out!”) without setting the Authorization header or displaying any input field for user credentials. The API will, of course, respond with HTTP 401.

The provided /swagger.json does actually include securityDefinitions and security from the plug-in options:

{
  ...
  "schemes": [
    "http"
  ],
  "security": [{
    "simple": []
  }],
  "securityDefinitions": {
    "simple": {
      "type": "basic"
    }
  },
  "swagger": "2.0",
  "tags": []
}

What did you expect ?

Swagger UI sending Authorization header with API requests and/or some means in the UI to set username and password.

Is there anything I am doing wrong? Or is this a bug?

Thanks for your help.

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Reactions:1
  • Comments:5

github_iconTop GitHub Comments

4reactions
frankthelencommented, Jan 18, 2018

My current approach / workaround is this: I am using hapi-swagger to serve /swagger.json and hapi-swaggered-ui to serve the Swagger page. It’s using Swagger UI version 3.9.1 which is correctly dealing with the authentication settings. Very nice.

const HapiSwagger = require('hapi-swagger');
const HapiSwaggerUI = require('hapi-swaggered-ui');

const swagger = {
  plugin: HapiSwagger,
  options: {
    documentationPage: false,
    ...
  },
};

const swaggerUI = {
  plugin: HapiSwaggerUI,
  options: {
    path: '/documentation',
    swaggerEndpoint: '/swagger.json',
    ...
  },
};

...

await server.register(swagger);
await server.register(swaggerUI);

...
0reactions
robmcguinnesscommented, May 26, 2019

Closed in v10.0.0

Read more comments on GitHub >

github_iconTop Results From Across the Web

Swagger UI not working with Basic Authentication ... - GitHub
I checked the swagger.json output with a newer version of Swagger UI (swagger-ui-dist@3.9.1 actually) which worked just fine. "Authorize" button ...
Read more >
Basic Authentication using Swagger UI - Stack Overflow
The core of the problem- Class BasicAuth is deprecated. The solution as found in the bug report above is to use HttpAuthenticationScheme instead ......
Read more >
How to add basic authentication in swagger UI - Google Groups
Hi, I have created swagger spec using swagger spec tool. Everything is fine but when i click "Try It Out" then i get...
Read more >
Basic Authentication - Swagger
Basic authentication is a simple authentication scheme built into the HTTP protocol. The client sends HTTP requests with the Authorization header that ...
Read more >
Authorizing API calls in Swagger
To authorize API calls via the Swagger UI for Orchestrator services in Automation Cloud, perform the following steps: Look for the Authorize button...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Invalid request call when hapi host is set to 0.0.0.0

Next page

Hapi v17 Support