I'm currently working with Quarkus and Swagger-UI as delivered by quarkus-smallrye-openapi.
We have OIDC from Azure AD as security, which is currently not supported by Swagger-UI (see Swagger-Docs), so I can't add the "real" authorization to swagger.
This means I can't use Swagger, since my endpoints are at least secured with @RolesAllowed.
We have an endpoint to fetch a mock-security token, but I don't know how to tell swagger to take this token.
Basically I want to tell swagger-ui "Here, I have this token, add it as Authorization: Bearer XXX to all requests", but I don't know how to do that in Quarkus.
View the Appearance in Swagger UI

Then check out the Swagger UI display. You'll see an "Authorize" button appear. When you click Authorize, the description and other security details appear. After users enter an API key and click Authorize, the authorization method is set for as many requests as they want to make.
Swagger 2.0 lets you define the following authentication types for an API: Basic authentication; API key (as a header or a query string parameter); OAuth 2 common flows (authorization code, implicit, resource owner password credentials, client credentials).
OpenAPI and Swagger used to refer to the same thing. While there are differences today (OpenAPI refers to RESTful API design and Swagger refers to a set of SmartBear tools), this blog will use the terms interchangeably. If you develop software today, chances are you are developing web APIs as well.
The Quarkus smallrye-openapi extension comes with a swagger-ui extension embedding a properly configured Swagger UI page. By default, Swagger UI is only available when Quarkus is started in dev or test mode. If you want to make it available in production too, you can include the following configuration in your application.properties:
When building APIs, developers want to test them quickly. Swagger UI is a great tool that lets you visualize and interact with your APIs. The UI is automatically generated from your OpenAPI specification. The Quarkus smallrye-openapi extension comes with a swagger-ui extension embedding a properly configured Swagger UI page.
Quarkus has an integrated pluggable web security layer. If security is enabled all HTTP requests will have a permission check performed to make sure they are allowed to continue. Configuration authorization checks are executed before any annotation-based authorization check is done, so both checks have to pass for a request to be allowed.
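import jakarta.ws.rs.GET;   // javax.ws.rs.* on Quarkus 2.x and earlier
import jakarta.ws.rs.Path;
import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeType;
import org.eclipse.microprofile.openapi.annotations.security.SecurityRequirement;
import org.eclipse.microprofile.openapi.annotations.security.SecurityScheme;
import org.eclipse.microprofile.openapi.annotations.security.SecuritySchemes;

@Path("/sample")
@SecuritySchemes(value = {
        @SecurityScheme(securitySchemeName = "apiKey", // name referenced by @SecurityRequirement below
                type = SecuritySchemeType.HTTP,
                scheme = "Bearer")}
)
public class SampleResource {
    @GET
    @SecurityRequirement(name = "apiKey")
    public String hello() {
        return "hello"; // placeholder body
    }
}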
The Authorize option should now be available on the Swagger page. Enter your mock API key here.
Trigger the service from Swagger UI. You can now see the Authorization: Bearer <VALUE> header set in the request.
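The question asks for the token to be sent on all requests, while the answer above attaches the requirement to one method. As an added example (not code from the original answer or from Quarkus itself), the scheme and a global requirement can be declared once on the JAX-RS application class with MicroProfile OpenAPI's @OpenAPIDefinition; the package, class name, API title and the scheme name "bearerAuth" are assumptions.

```java
package org.acme; // hypothetical package

import jakarta.ws.rs.core.Application; // javax.ws.rs.core.Application on Quarkus 2.x and earlier
import org.eclipse.microprofile.openapi.annotations.Components;
import org.eclipse.microprofile.openapi.annotations.OpenAPIDefinition;
import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeType;
import org.eclipse.microprofile.openapi.annotations.info.Info;
import org.eclipse.microprofile.openapi.annotations.security.SecurityRequirement;
import org.eclipse.microprofile.openapi.annotations.security.SecurityScheme;

/**
 * Declares one HTTP bearer scheme and applies it to every operation in the
 * generated OpenAPI document. After the user pastes a token into the
 * Authorize dialog, Swagger UI adds "Authorization: Bearer <token>" to each
 * request it sends.
 *
 * This only changes the documentation and what Swagger UI sends. Access
 * control is still enforced server-side by @RolesAllowed and the configured
 * OIDC validation; a token that the server rejects still yields 401/403.
 */
@OpenAPIDefinition(
        info = @Info(title = "Sample API", version = "1.0.0"), // constructed values
        // Top-level requirement: applies to all operations unless one overrides it.
        security = @SecurityRequirement(name = "bearerAuth"),
        components = @Components(securitySchemes = {
                @SecurityScheme(
                        securitySchemeName = "bearerAuth", // assumed name, must match the requirement above
                        type = SecuritySchemeType.HTTP,
                        scheme = "bearer",
                        bearerFormat = "JWT",
                        description = "Paste the token without the 'Bearer ' prefix")
        })
)
public class SampleApiApplication extends Application {
    // Intentionally empty: the class exists only to carry the OpenAPI annotations.
}
```

With this in place the per-resource @SecuritySchemes and per-method @SecurityRequirement annotations are no longer needed, and a mock-token endpoint like the one in the question should stay limited to dev and test profiles.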