/openapi.json not found in Production when protecting API docs behind authentication

First Check

• I added a very descriptive title to this issue.
• I used the GitHub search to find a similar issue and didn’t find it.
• I searched the FastAPI documentation, with the integrated search.
• I already searched in Google “How to X in FastAPI” and didn’t find any information.
• I already read and followed all the tutorial in the docs and didn’t find an answer.
• I already checked if it is not related to FastAPI but to Pydantic.
• I already checked if it is not related to FastAPI but to Swagger UI.
• I already checked if it is not related to FastAPI but to ReDoc.

Commit to Help

• I commit to help with one of those options 👆

Example Code

from fastapi import FastAPI, Depends, HTTPException, status
import secrets
from fastapi.security import HTTPBasic, HTTPBasicCredentials

from fastapi.openapi.docs import get_swagger_ui_html
from fastapi.openapi.utils import get_openapi

security = HTTPBasic()

def get_current_username(credentials: HTTPBasicCredentials = Depends(security)):
    correct_username = secrets.compare_digest(credentials.username, "user")
    correct_password = secrets.compare_digest(credentials.password, "password")
    if not (correct_username and correct_password):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect email or password",
            headers={"WWW-Authenticate": "Basic"},
        )
    return credentials.username

app = FastAPI(
    title = "Swagger", 
    root_path = "/api/assistant",
    version = "0.1.0",
    docs_url=None, redoc_url=None, openapi_url = None)

@app.get("/",)
def hello_world():
    return 'Hello, World!'

@app.get("/docs", include_in_schema=False)
async def get_documentation(username: str = Depends(get_current_username)):
    return get_swagger_ui_html(openapi_url="/openapi.json", title="Swagger")

@app.get("/openapi.json", include_in_schema=False)
async def openapi(username: str = Depends(get_current_username)):
    return get_openapi(title=app.title, version=app.version, routes=app.routes)

Description

Hi all, I am new to FastAPI. I migrated from Flask right away when I noticed how much simpler it is with FastAPI and how much better the support is. I am really glad that frameworks like this exist! 😃

The general stuff with setting everything up and using the APIs is working amazingly well. When deploying, I had to specify a root_path as described here https://fastapi.tiangolo.com/advanced/behind-a-proxy/ as I am deploying to a k8s cluster on Azure which is using nginx. That worked.

Now I want additionally to hide the documentation behind authentication, as described in #364 - the code works for me, but only on localhost. When deploying (of course still specifying the same root_path), after logging in on /docs I get the following message: Which is the same as if I had not specified root_path. However, accessing /openapi.json via the browser manually works perfectly fine! I have no idea where the problem is coming from. I have been googling and trying out things for hours, but can’t find a solution here. I have a suspicion it has something to do with the routes=app.routes argment in get_openapi.

The example code is only partly helpful here, the problem really only occurs when the app is deployed. I checked the spelling, and I also tried passing root_path it via Dockerfile with no success.

Any help would be greatly appreciated!! Thank you so much.

Operating System

Windows

Operating System Details

No response

FastAPI Version

0.70.0

Python Version

3.9.2

Additional Context

No response