New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bearer Token #428

Closed
mjabian opened this Issue Jun 16, 2017 · 16 comments

Comments

Projects
None yet
@mjabian
Copy link

mjabian commented Jun 16, 2017

I have this configuration:

            services.ConfigureSwaggerGen(x =>
            {
                //x.DocumentFilter
                x.SingleApiVersion(new Info
                {
                    Version = "v1",
                    Title = "API",
                    Description = "API templates for app.",
                    TermsOfService = "None",
                    Contact = new Contact()
                    {
                        Email = "email@d.com",
                        Name = "vendor",
                        Url = "website",
                    },
                    License = new License()
                    {
                        Name = "dd",
                        Url = "https://ddd/support/license"
                    },
                });
                x.IncludeXmlComments(AppContext.BaseDirectory + @"/app.xml");
                x.IgnoreObsoleteProperties();
                x.IgnoreObsoleteActions();
                x.DescribeAllEnumsAsStrings();
                x.AddSecurityDefinition("Bearer", new ApiKeyScheme()
                {
                    Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
                    Name = "Authorization",
                    In = "header",
                    Type = "apiKey"
                });
            });

There is no provision in UI for input of Bearer token?

image

@domaindrivendev

This comment has been minimized.

Copy link
Owner

domaindrivendev commented Jun 17, 2017

As per the Swagger spec, a "security definition" is not enough, you also need to assign applicable operations to the defined scheme. All described in the Swashbuckle readme

@goforgold

This comment has been minimized.

Copy link

goforgold commented Jun 19, 2017

@mjabian were you able to achieve this? I need tom implement exactly this.

@domaindrivendev can you please suggest how to do this in ASP.NET Core? any link?

@goforgold

This comment has been minimized.

Copy link

goforgold commented Jun 19, 2017

@mjabian

I tried your solution, fortunately it worked for me with a minor change (not in your code). I used below part of your code

x.AddSecurityDefinition("Bearer", new ApiKeyScheme()
{
    Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
    Name = "Authorization",
    In = "header",
    Type = "apiKey"
});

It creates an Authorize button in Swagger UI like below for me

image

When I click this button, it opens up a popup where I was able to put JWT value. It didn't work.

I observed the request using F12 tools and found that the required header was being added but suffix bearer was not added. So, I just put this manually in token value like bearer <token-here>. And, yo, It worked!!.

Thanks a lot to you.

@ross2411

This comment has been minimized.

Copy link

ross2411 commented Oct 13, 2017

@goforgold @mjabian Thanks guys. worked for me!

@Behnam-Emamian

This comment has been minimized.

Copy link

Behnam-Emamian commented Mar 20, 2018

This feature is working just for version 1.X not 2.X, so I have downgrade to v1.2 and it is sending the token.

@ajbeaven

This comment has been minimized.

Copy link

ajbeaven commented Mar 20, 2018

I agree, this is not working in 2.X. I also had to downgrade. It looked like the Authorization header was not being included in the request.

@Behnam-Emamian

This comment has been minimized.

Copy link

Behnam-Emamian commented Mar 20, 2018

I can see there is a new UI, so this feature has been broken.

@domaindrivendev

This comment has been minimized.

Copy link
Owner

domaindrivendev commented Mar 20, 2018

@ajbeaven @Behnam-Emamian - to get this to work in 2.x, you need to accompany your scheme definition with a corresponding requirement to indicate that the scheme is applicable to all operations in your API:

c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
    { "Bearer", new string[] { } }
});

NOTE: it turns out that the old UI worked without this despite being an incomplete description, as per the Swagger 2.0 spec. The new swagger-ui correctly requires this

@erikcheatham

This comment has been minimized.

Copy link

erikcheatham commented Mar 23, 2018

YAS! Thank You @domaindrivendev!!

@replaysMike

This comment has been minimized.

Copy link

replaysMike commented Apr 3, 2018

Did anyone else figure out why swagger-ui doesn't include the Bearer prefix to the auth token? Or is it expected we provide it on input?

@gakees

This comment has been minimized.

Copy link

gakees commented May 5, 2018

Hi @replaysMike, it is expected (to my understanding) that the user supplies the "Bearer " prefix along with the JWT Token when pasting it via the Swagger UI.

@jlnpinheiro

This comment has been minimized.

Copy link

jlnpinheiro commented Jun 13, 2018

services.AddSwaggerGen(options =>
{
    options.AddSecurityDefinition("Bearer", new ApiKeyScheme
    {
        Name = "Authorization",
        In = "header"
    });

    options.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
    {
        { "Bearer", new string[] { } }
    });
});

This did not work for me in version 2.5.0. Has anyone else found a solution to this problem? The "Bearer" word still missing in "Authentication" header request parameter.

@keycad

This comment has been minimized.

Copy link

keycad commented Jun 14, 2018

@jlnpinheiro the user must supply that word, as @gakees says.
It's working for me with the same configuration you have, I also added a description to warn the user to write authentication as Bearer {token}

c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
	{ "Bearer", new string[] { } }
});

c.AddSecurityDefinition("Bearer", new ApiKeyScheme()
{
	Description = "JWT Authorization header using the Bearer scheme. Example: \"Bearer {token}\"",
	Name = "Authorization",
	In = "header",
	Type = "apiKey"
});
@jlnpinheiro

This comment has been minimized.

Copy link

jlnpinheiro commented Jun 14, 2018

Thanks for the help my friend, @keycad! Problem resolved!

@MichelZ

This comment has been minimized.

Copy link

MichelZ commented Jun 18, 2018

Isn't there a way to always prepend bearer to user supplied tokens?

@keycad

This comment has been minimized.

Copy link

keycad commented Jun 18, 2018

I tried and didn't find one... but I'll be pleased if you know how

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment