422 Unprocessable Entity error when testing route with authorisation dependency from Swagger UI but not from Postman #2777

@inspiralpatterns

I have a route where I inject a dependency that takes the header, extracts the token and validates it against Azure Active Directory. The code looks like this:

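import json
from urllib.request import urlopen

from fastapi import Header, HTTPException
from jose import jwt, exceptions as JoseExceptions  # assumed: python-jose

# TENANT_ID, get_token_auth_header and get_payload are defined elsewhere
# in the poster's project (not shown).


async def require_auth(authorization: str = Header(...)):
    # Extract the bearer token from the raw Authorization header value
    token = get_token_auth_header(authorization)
    # Fetch the tenant's signing keys (JWKS) from Azure Active Directory
    jsonurl = urlopen(
        "https://login.microsoftonline.com/" + TENANT_ID + "/discovery/v2.0/keys"
    )
    jwks = json.loads(jsonurl.read())

    try:
        unverified_header = jwt.get_unverified_header(token)
    except JoseExceptions.JWTError:
        raise HTTPException(
            status_code=401, detail="Unable to decode authorization token headers"
        )

    # Validate the token against the key matching its header
    payload = get_payload(jwks, unverified_header, token)

    if not payload:
        raise HTTPException(status_code=401, detail="Invalid authorization token")

    return payload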

and it is being called from the route (I had to omit some particulars):

from fastapi import APIRouter, Depends
from fastapi.responses import JSONResponse

# `m` is the poster's models module (not shown)
router = APIRouter()
callback_router = APIRouter(default_response_class=JSONResponse)


@router.post(
    "/margins",
    callbacks=callback_router.routes,
    dependencies=[Depends(require_auth)],
)
def predict_margins(predictrequest: m.PredictRequest):
    return {"hello", "margins"}

Here is the thing: when accessing the Swagger UI and trying out the endpoint I always get this error:

{
  "detail": [
    {
      "loc": [
        "header",
        "authorization"
      ],
      "msg": "field required",
      "type": "value_error.missing"
    }
  ]
}

given my request:

I can also notice that there is no Token: Bearer xxx when inspecting Curl:

curl -X POST "http://localhost:8080/api/v1/margins" -H  "accept: application/json" -H  "Content-Type: application/json" -d "{\"quote_number\":1,\"quantity\":1,\"customer_number\":\"502691\",\"part_number\":\"8704960.0-PDB\"}"

I spent a good couple hours trying to figure out what was wrong and then I tried in Postman.
Interestingly enough, it does work (I get an error, it is intended).
When I inspect the code, I can see the token:

curl --location --request POST 'http://localhost:8080/api/v1/margins' \
--header 'Authorization: Bearer 12334567890TheStupidestToken!@' \
--header 'Content-Type: application/json' \
--data-raw '{
  "quote_number": 1,
  "quantity": 1,
  "customer_number": "502691",
  "part_number": "8704960.0-PDB"
}'

So, the question is: what am I doing wrong in Swagger UI, and how to make it work?
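
Why Swagger UI leaves the header out, as an added example that is not part of the original post or of FastAPI: the OpenAPI 3.0 specification says a header parameter named Accept, Content-Type or Authorization is ignored, so Swagger UI never sends a dependency declared as a plain `authorization` header. The checker below flags such parameters in an OpenAPI document; the function name and both sample documents are constructed for illustration.

```python
# Added example, not code from the issue. OpenAPI 3.0 says a header parameter
# named Accept, Content-Type or Authorization "SHALL be ignored".
IGNORED_HEADERS = {"accept", "content-type", "authorization"}
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def find_ignored_header_params(spec: dict) -> list:
    """One finding per header parameter that OpenAPI tooling will not send.
    Parameters given as $ref are not resolved (assumption: inline parameters)."""
    findings = []
    doc_security = spec.get("security", [])
    for path, item in spec.get("paths", {}).items():
        shared = item.get("parameters", [])
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            for param in shared + op.get("parameters", []):
                name = param.get("name", "")
                if param.get("in") == "header" and name.lower() in IGNORED_HEADERS:
                    findings.append({
                        "operation": f"{method.upper()} {path}",
                        "header": name,
                        "required": param.get("required", False),
                        # An operation-level "security" overrides the document-level one.
                        "has_security": bool(op.get("security", doc_security)),
                    })
    return findings


# Constructed sample: the shape of schema a required `authorization` header
# parameter produces for the POST route in the issue.
HEADER_PARAM_SPEC = {"paths": {"/api/v1/margins": {"post": {"parameters": [
    {"name": "authorization", "in": "header", "required": True,
     "schema": {"type": "string"}}]}}}}

# Constructed sample: the same route declaring an HTTP bearer security scheme.
BEARER_SCHEME_SPEC = {
    "components": {"securitySchemes": {"HTTPBearer": {"type": "http", "scheme": "bearer"}}},
    "paths": {"/api/v1/margins": {"post": {"security": [{"HTTPBearer": []}]}}},
}

if __name__ == "__main__":
    for finding in find_ignored_header_params(HEADER_PARAM_SPEC):
        print(finding)
```

In FastAPI, a dependency built on `fastapi.security.HTTPBearer` emits a security scheme instead of a header parameter, which gives Swagger UI an Authorize button that supplies the token.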
