I have written a custom backend for JWT authentication in cookies. I'd like to test it using the DRF-Spectacular. To this end, I've written the following scheme:
from drf_spectacular.extensions import OpenApiAuthenticationExtension
from .backends import JWTCookieAuthentication
class JWTCookieAuthenticationScheme(OpenApiAuthenticationExtension):
name = "JWTCookieAuthenticationScheme"
target_class = JWTCookieAuthentication
def get_security_definition(self, auto_schema):
return {
'type': 'apiKey',
'in': 'cookie',
'name': 'jwt',
}
The "Authorize" button appears in the generated API, but the entered value is passed in the header instead of the cookie. The generated CURL command for an exemplary request is the following:
curl -X 'GET'
'http://localhost:8001/user/my_user/'
-H 'accept: application/json'
-H 'Cookie: jwt=12345'
while the expected one would be something like:
curl -X 'GET'
'http://localhost:8001/user/my_user/'
-H 'accept: application/json'
--cookie 'jwt=12345'
Is it a bug or I'm doing something wrong?
