Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[Question] Configuration of Athorization-Header with OAS3

See original GitHub issue

SpringBoot 2.3.0 SpringFox 3.0.0

We used to have configured a globalRequestParameter to add an Authorization-Header. This still work with the Docket configured for SWAGGER2 - but the header seems to be dropped when setting the Docket up for OAS3.

The Authorization-Header does not show up anymore in the curl-block when using OAS3.

// Docket docket = new Docket(DocumentationType.OAS_30);
Docket docket = new Docket(DocumentationType.SWAGGER_2);
RequestParameterBuilder parameterBuilder = new RequestParameterBuilder()
    .in(ParameterType.HEADER)
    .name("Authorization")
    .required(true)
    .query(param -> param.model(model -> model.scalarModel(ScalarType.STRING)));
docket.globalRequestParameters(Collections.singletonList(parameterBuilder.build()));

grafik

How can we achieve the same behaviour in OAS3 like with SWAGGER2? We have a mix of BasicAuth and JWT, so both should still work.

Issue Analytics

State:
Created 3 years ago
Comments:9 (4 by maintainers)

Top GitHub Comments

6reactions

dilipkrishcommented, Jul 22, 2020

The way you’d do that is not by specifying a header. Here is how you’d do the same globally with springfox.

https://github.com/springfox/springfox/blob/861764c7823e51b0805e554ccfda0361b3e3bd7e/oas-contract-tests/src/main/java/springfox/test/contract/oas/OpenApiTestConfig.java#L50-L61

Also note you can specify targeted security contexts using the docket.securityContext API which is also documented?

1reaction

UglyBarnaclecommented, Jul 22, 2020

looks like it is an restricted value to set the Authorization-header and we are left to use the SecurityScheme then in case we move to OAS3

https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.2.md#parameterObject

If in is “header” and the name field is “Accept”, “Content-Type” or “Authorization”, the parameter definition SHALL be ignored.

Top Results From Across the Web

how to add Authorization header by using open api swagger doc

OpenApiConfig package com.user.demoapp.config; import io.swagger.v3.oas.models.Components; import io.swagger.v3.oas.models.

Spring Boot + Swagger 3 (OpenAPI 3) + Security Example ...

OpenAPI 3.0 lets you describe APIs protected using the following security schemes: HTTP authentication schemes (they use the Authorization header):. Basic ...

OpenAPI Specification — Swagger Authentication - Medium

Swagger Configuration using Bearer Authentication. Step 3: The Authorize button : Run the application. Authorize button.

OpenAPI Specification - Version 3.0.3 - Swagger

If in is "header" and the name field is "Accept" , "Content-Type" or "Authorization" , the parameter definition SHALL be ignored. For all...

OpenAPI Specification v3.1.0 | Introduction, Definitions, & More

If in is "header" and the name field is "Accept" , "Content-Type" or "Authorization" , the parameter definition SHALL be ignored. For all...