I'm running the latest (and now old, due to the switchover to Flask-RESTX) Flask-RESTPlus, using the authorization functionality for the Swagger interface with a Bearer token as follows:

authorizations = {
    'apikey': {
        'type': 'apiKey',
        'in': 'header',
        'name': 'Bearer '
    }
}

But although the "Authorise" box comes up in the swagger interface, and I can put a token in there, it doesn't get added to the requests coming out or the curl format that swagger provides, so we can see clearly it's not being picked up. What's going on here and how do I fix it?

David Boshton
  • Does your code also have annotations that add `security` to operations? That's needed to attach the `Authorization` header to operations. – Helen Jun 05 '20 at 07:02
  • Thanks. This is the solution, so can you add that as an answer and I'll accept it. – David Boshton Jun 25 '20 at 09:39

1 Answer

Make sure the code also has annotations that would add security to individual operations or globally. This is needed to actually attach the Authorization header to operations.

In other words, the generated OpenAPI definition should contain the following.

If using OpenAPI 2.0:

swagger: '2.0'

securityDefinitions:
  apikey:
    type: apiKey
    in: header
    name: Authorization

security:
  - apikey: []   # must match the scheme name above (case-sensitive)

If using OpenAPI 3.0:

openapi: 3.0.0

components:
  securitySchemes:
    apikey:
      type: apiKey
      in: header
      name: Authorization

    # or using OAS3 Bearer auth scheme
    # apikey:
    #   type: http
    #   scheme: bearer

security:
  - apikey: []   # must match the scheme name above (case-sensitive)
Helen
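
A small linter for the generated definition, as an added example that is not part of the original answer or of Flask-RESTPlus: it reports operations with no `security` requirement, requirements that name no defined scheme (the match is case-sensitive), and header schemes whose `name` is the token prefix rather than a header. The function names and the sample definitions are constructed for illustration.

```python
# Added example: lint a generated Swagger 2.0 / OpenAPI 3.0 definition (a dict).
# Function names and the sample specs are constructed for illustration.
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def defined_schemes(spec):
    """Return the security schemes for the OAS2 or OAS3 layout."""
    if "swagger" in spec:
        return spec.get("securityDefinitions", {})
    return spec.get("components", {}).get("securitySchemes", {})

def lint_security(spec):
    """Return sorted findings; an empty list means every operation gets the header."""
    findings = set()
    schemes = defined_schemes(spec)
    for name, scheme in schemes.items():
        header = scheme.get("name", "")
        if scheme.get("type") == "apiKey" and scheme.get("in") == "header":
            # 'Bearer ' is a token prefix, not a header name.
            if header != header.strip() or header.lower() == "bearer":
                findings.add(f"scheme '{name}': header name {header!r} should be 'Authorization'")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as 'parameters'
            where = f"{method.upper()} {path}"
            effective = op.get("security", spec.get("security"))  # operation overrides global
            if not effective:
                findings.add(f"{where}: no security requirement, header not sent")
                continue
            for requirement in effective:
                for ref in requirement:
                    if ref not in schemes:  # case-sensitive match
                        findings.add(f"{where}: requirement '{ref}' matches no defined scheme")
    return sorted(findings)

def sample_spec(header_name, security=None):
    """Build a constructed one-operation Swagger 2.0 definition."""
    spec = {
        "swagger": "2.0",
        "securityDefinitions": {"apikey": {"type": "apiKey", "in": "header", "name": header_name}},
        "paths": {"/items": {"get": {"responses": {"200": {"description": "ok"}}}}},
    }
    if security is not None:
        spec["security"] = security
    return spec

if __name__ == "__main__":
    for label, spec in [("question", sample_spec("Bearer ")), ("fixed", sample_spec("Authorization", [{"apikey": []}]))]:
        print(label, lint_security(spec) or "ok")
```

Run it against the definition the application actually serves, so that a scheme which is defined but never applied is caught before the API is exercised without the header.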