Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Sending cookie session id with Swagger 3.0

It is said that "To define cookie authentication, use API keys instead." in the official documentation

https://swagger.io/docs/specification/describing-parameters/#cookie-parameters

The fact is we tried with

components:
  securitySchemes:
    cookieAuth:         
      type: apiKey
      in: cookie
      name: sessionId
...
    security:
      - cookieAuth: []

Using the above code, in Swagger UI we are able to click on the padlock to set the value of the sessionId. But when we execute the method, the value of the cookie is NULL and we don't see the cookie sent in the Headers (Chrome Developer tool)

I tried also to put that in cookie parameter like this:

parameters:
  - in: cookie
    name: sessionId   
    required: true
    schema:
      type: string 

But there again, same result (arrive null, and nothing in the debugger tool.

We use Swagger with openApi 3.0, other parameters, requestBody is working well, but not this cookie transmission.

Thx for anything that can have an idea.

like image 316
user954156 Avatar asked Mar 14 '18 07:03

user954156


1 Answers

Swagger UI and Swagger Editor currently do not support sending cookies in "try it out" requests:
https://github.com/swagger-api/swagger-js/issues/1163

As the developers explain, the issue is that it's almost impossible to send arbitrary cookie data to a different origin from within the browser.


SwaggerHub supports cookie auth and cookie parameters though. SwaggerHub sends "try it out" requests from its servers rather than from your browser, which makes it possible to send requests with a user-defined Cookie header.

Disclosure: I work for the company that makes SwaggerHub.

like image 190
Helen Avatar answered Oct 07 '22 13:10

Helen