Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add authorization to header?

See original GitHub issue

Currently I use flask_jwt_extended for API security, how can I define the need of passing Authorization header?

I tried using this: @blp.doc(parameters={'Authorization': {'name': 'Authorization', 'in': 'header', 'description': 'Authorization: Bearer <access_token>', 'required': 'true'}})

but it throw an error

builtins.KeyError KeyError: 'in

Issue Analytics

  • State:closed
  • Created 5 years ago
  • Reactions:2
  • Comments:17 (9 by maintainers)

github_iconTop GitHub Comments

7reactions
georgesequeiracommented, Oct 18, 2019

Hoping this helps others in the future but @DavidM42, I created an API where the entire application required the bearer token. In order to do this, I set the API_SPEC_OPTIONS flask configuration variable before instantiating my flask-smorest API to the following:

    app.config['API_SPEC_OPTIONS'] = {
        'security':[{"bearerAuth": []}],
        'components':{
            "securitySchemes":
                {
                    "bearerAuth": {
                        "type":"http",
                        "scheme": "bearer",
                        "bearerFormat": "JWT"
                    }
                }
        }
    }

    api = flask_smorest.Api(app)

This gave me the ability to set the token at the application level in the swagger ui:

image

Since I wanted to lock down all paths I did this for the flask app

from flask_jwt_extended import verify_jwt_in_request

@app.before_request
def before_jwt():
  verify_jwt_in_request()

This would 401 if the jwt is not present and valid.

5reactions
jul1u5commented, Mar 11, 2020

Note that by using @lafrech suggestion, you still need to add:

api.spec.options["security"] = [{"bearerAuth": []}]

Otherwise SwaggerUI won’t add Authorization header.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Authorization - HTTP - MDN Web Docs - Mozilla
The HTTP Authorization request header can be used to provide credentials that authenticate a user agent with a server, allowing access to a ......
Read more >
Setting Authorization Header of HttpClient - Stack Overflow
What I've used is: client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", "encrypted user/pwd"); Taking encrypted user/pwd from ...
Read more >
Adding Authorization header - Power Platform Community
Solved: Hi guys, I need a help with adding Authorization header to request in custom connector. I found solution there on forum:
Read more >
How to set the Authorization Header of HttpClient in C# ...
How to set the Authorization Header of HttpClient in C#. Here's how to set the authorization header: var clientHandler = new HttpClientHandler(); ...
Read more >
Adding the Authorization header - Cloud - Talend Help Center
In the request editor, you can click Add authorization in the HEADERS section to generate an Authorization header and encode your username and...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

How to structure a real world application

Next page

Question: multiple @response decorators