Login/Register
Why is the Authorization header missing in requests sent from Swagger UI?
Asked Answered
Solved node.jsswaggerswagger-uiopenapiswagger-2.0
F

3

10

I want to add a documentation to my Node.js API, for this I have a YAML file where I put my definitions, the swagger doc is at localhost:5000/api-doc and working fine.

Now I have to add Bearer authorization but Swagger with the following definition:

swagger: "2.0"
info:
    version: 1.0.0
    title: My API documentation
    description: >
        My API documentation

host: localhost:5000
basePath: "/v1"
schemes:
    - http
securityDefinitions:
    Bearer:
        type: apiKey
        description: "Value: Bearer "
        name: Authorization
        in: header
paths:
    /users:
        get:
            responses:
                "200":
                    description: "Will send `Authenticated`"
                "403":
                    description: "You do not have necessary permissions for the resource"

When testing the request (I clicked on "Authorize" button at the top right and entered my token) I get following error:

"error": "Authorization header not found.

Why is the Authorization header not included in the request?

Fidelfidela answered 28/4, 2020 at 9:36 Comment(0)
Y
3

securityDefinitions alone aren't enough, you also need to add the security key on the root level or operation level to actually apply the security.

security:
  - Bearer: []
Youngs answered 28/4, 2020 at 11:26 Comment(0)
S
0

Expanding @helen's answer as I could not edit it, This answer is for the people who are using Symfony If you are using NelmioApiDocBundle with Symfony,

You will have to add the configuration at config/packages/nelmio_api_doc.yaml

so it would look like below:

    documentation:
        info:
            title: App name
            description: This is an awesome app!
            version: 1.0.0
        securityDefinitions:
            Bearer:
                type: apiKey
                description: 'Value: Bearer {jwt}'
                name: Authorization
                in: header
        security:
            - Bearer: []
Sweeping answered 16/7, 2021 at 4:37 Comment(0)
Y
0

In my case I was missing the annotation

@SecurityRequirement(name = "JWT")

at the rest controller class.

(Of course "JWT" or whatever matches to your @SecurityScheme name in your OpenApiDefinition.)

Yelmene answered 15/5, 2023 at 16:12 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.