JWT Support #209

Open
yardenfi opened this Issue Jul 4, 2018 · 5 comments

yardenfi commented Jul 4, 2018

request.headers.Authorization = "Bearer " + jwt_token;

Flasgger is using the value "Bearer" hardcoded in this line. In order to support JWT, I have found I need to change this line to "JWT " manually. I think it should be configurable.

MaciejKucia commented Aug 1, 2018

It seems that this is quite easy to implement in config, just like the JWT_AUTH_URL_RULE option.
But the question is if Bearer should be configurable. The following StackOverflow topic suggests that it should not.
https://stackoverflow.com/questions/33265812/best-http-authorization-header-type-for-jwt

The best HTTP header for your client to send an access token (JWT or any other token) is the Authorization header with the Bearer authentication scheme.

Collaborator

javabrett commented Aug 7, 2018

@yardenfi which client are you working with that expects/requires Authorization: JWT ..., or is this for something new? OAuth Bearer is no good for what you are doing?

Collaborator

javabrett commented Aug 8, 2018

Other references:

https://swagger.io/docs/specification/authentication/bearer-authentication/

Authorization: Bearer
(when discussing JWT)

https://swagger.io/specification/#securitySchemeScheme -> https://tools.ietf.org/html/rfc7235#section-5.1 -> https://www.iana.org/assignments/http-authschemes/http-authschemes.xhtml

... Basic, Bearer, OAuth but no JWT.

I don't believe Authorization: JWT ... is part of a standard, but if it is please add a reference here.

So this could be made configurable, but per @MaciejKucia, should it be made configurable in a way that OpenAPI doesn't support in specs?

javabrett self-assigned this Aug 8, 2018

llk2why commented Aug 24, 2018

I've encountered the same problem. When I change "Bearer" to "JWT" in my Postman request's header, it works. But the try-out on the site doesn't go well. What should I do?

Contributor

yardenfi commented Aug 29, 2018

It's just not working when supplied with Bearer instead of JWT with flask_jwt.
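
The mismatch reported in this thread, reproduced as an added Python example that is not part of the issue and is not Flask-JWT or Flasgger code: a server-side check that accepts a single configured Authorization scheme rejects a well-formed token sent under the other scheme. `extract_token`, `try_header`, `AuthHeaderError` and the sample token are constructed for illustration; the reference to Flask-JWT's `JWT_AUTH_HEADER_PREFIX` setting (default `JWT`) comes from that library's documentation, not from this page.

```python
# Added example: stand-alone model of an Authorization scheme check.
# All names here are hypothetical; this is not Flask-JWT or Flasgger code.

class AuthHeaderError(ValueError):
    """Raised when the Authorization header cannot be accepted."""


def extract_token(header_value, expected_scheme="Bearer"):
    """Return the token from an 'Authorization: <scheme> <token>' value.

    expected_scheme models a server-side setting; in Flask-JWT the
    JWT_AUTH_HEADER_PREFIX option (default "JWT") plays this role.
    """
    if not header_value or not header_value.strip():
        raise AuthHeaderError("missing Authorization header")
    parts = header_value.split()
    # RFC 7235: the auth-scheme is a case-insensitive token.
    if parts[0].lower() != expected_scheme.lower():
        raise AuthHeaderError(
            f"unsupported scheme {parts[0]!r}, expected {expected_scheme!r}")
    if len(parts) == 1:
        raise AuthHeaderError("token missing")
    if len(parts) > 2:
        raise AuthHeaderError("token contains spaces")
    token = parts[1]
    # Shape check only: header.payload.signature, all non-empty, so a token
    # with an empty signature segment is refused. Signature verification is
    # a separate step that must still follow.
    if token.count(".") != 2 or not all(token.split(".")):
        raise AuthHeaderError("token is not a compact JWT")
    return token


def try_header(header_value, expected_scheme):
    """Return (accepted, detail) instead of raising, for easy comparison."""
    try:
        return True, extract_token(header_value, expected_scheme)
    except AuthHeaderError as exc:
        return False, str(exc)


# Constructed sample token (not a real credential).
SAMPLE = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl"

if __name__ == "__main__":
    for expected in ("JWT", "Bearer"):      # what the server is configured for
        for sent in ("Bearer", "JWT"):      # what the client puts in the header
            ok, detail = try_header(f"{sent} {SAMPLE}", expected)
            print(f"server expects {expected:6} client sends {sent:6} -> "
                  f"{'accepted' if ok else detail}")
```

Configuring the server to expect `Bearer` keeps the API on the IANA-registered scheme referenced earlier in the thread and needs no change to the Swagger UI request code.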
