Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to use swagger with OAuth API?

Tags:

Is it possible to use swagger as a documentation/testing tool for APIs that use OAuth2? I don't see anything on the swagger site (or anywhere else for that matter). Every usage I've seen uses either an API key, HTTP basic, or cookies.

like image 395
fool4jesus Avatar asked Feb 14 '13 21:02

fool4jesus


People also ask

How do I add oauth2 to Swagger?

Describing OAuth 2.0 Using OpenAPI. To describe an API protected using OAuth 2.0, first, add a security scheme with type: oauth2 to the global components/securitySchemes section. Then add the security key to apply security globally or to individual operations: # Step 1 - define the security scheme.

How do I Authorize API for Swagger?

In the Swagger Editor (the right pane), click the Authorize button, paste the sample API key shown in the description into the Value field (or use your own OpenWeatherMap API key), and click Authorize. Then click Close to close the authorization modal.


1 Answers

I have been working along the same lines. Swagger will accept any header or URL defined api key or token. Adding a validation helper to the api and app is a standard approach.

Oauth does require a HTML review and or login to start the handshake aouth process. This means that a swagger api will need to support a web interface for a standard login and scope acceptance. Rolling oauth into swagger results in a few logic loops, which long term are not easy to support.

A different approach we are exploring is the option to let the api handle and store access tokens for a number of different oauth providers; GitHub, twitter and Facebook. This might result in login loops as well.

like image 172
d1b1 Avatar answered Sep 29 '22 13:09

d1b1