Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bearer Tokens not Sending #5265

Closed
jspri opened this issue Mar 26, 2019 · 2 comments
Closed

Bearer Tokens not Sending #5265

jspri opened this issue Mar 26, 2019 · 2 comments

Comments

@jspri
Copy link

jspri commented Mar 26, 2019
edited
Loading

Q&A (please complete the following information)

  • OS: macOS
  • Browser: firefox
  • Version: latest (66.0.1)
  • Method of installation: NA
  • Swagger-UI version: latest, or as hosted on editor.swagger.io
  • Swagger/OpenAPI version: OpenAPI 3.0

Example Swagger/OpenAPI definition:

## This can be previewed in https://editor.swagger.io/

openapi: "3.0.0"

info:
  title: Foo API
  version: "0.1.0"
  description: A test api

servers:
  - url: 'https://foo.com/v1/'

components:
  securitySchemes:
    Token: # TODO this isn't sending in swagger-ui??
      type: http
      description: Bearer Token
      scheme: Bearer

security:
  -  Token: [] # Require token for all requests (unless otherwise specified)

paths:
  "/myEndpoint":
    get:
      summary: Authenticated Endpoint
      responses:
        "200":
          description: OK
          content:
            application/json:
              schema:
                type: object

Describe the bug you're encountering

No tokens are not being sent in the authorization header. The UI allows me to set the token value but does not include the token when I make a request. The curl code also does not include the token.

To reproduce...

Load the above yaml into swagger ui. Click on the padlock and enter a token. Click 'try it' and then execute a request.

Expected behavior

The executed request and curl should contain the token.

Additional context or thoughts

The padlock appears but it is not being included in requests. I have tried hosting my own swagger-ui and had the same results.

IIRC it was working a few days/weeks ago.

API Key auth still works as expected.
@hkosova
Copy link
Contributor

hkosova commented Mar 26, 2019
edited
Loading

Replace scheme: Bearer with scheme: bearer (note the lowercase "b").

I'm not sure if scheme: Bearer with uppercase "B" is valid. I opened a ticket in the OpenAPI Specification repository to clarify this.

@jspri
Copy link
Author

jspri commented Mar 27, 2019
edited
Loading

Thanks a ton for that. I think my thought process was based on what the actual header ends up being e.g.

Authorization: Bearer TOKEN

You can close this if you want as it's no longer specific to the ui. It would be cool if this was caught somewhere else in the toolchain e.g parser.

Edit: The docs here https://swagger.io/docs/specification/authentication/ also list Bearer at the top of the page (but then correctly use lower case b later on).

@hkosova hkosova closed this as completed Aug 7, 2019
@yfer yfer mentioned this issue Oct 1, 2019
Closed
10 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jspri @hkosova