Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Support Token Based Authentication in Swagger Documentation for Web API

I am trying out swagger(SwashBuckle) for generating web api documentation. I have successfully generated the documentation using Web API documentation using swagger but I am not able to successfully send API requests, as we have token based authentication (custom header for authentication purpose) for few of the methods.

I tried to find out sample code/resources for the same but did not have much luck. Please let me know if someone has implemented/came across similar thing in their application.

like image 649
prashant Avatar asked May 26 '15 04:05

prashant


People also ask

How do I add token authentication in swagger?

Token-based Authentication To retrieve a token via our Swagger UI, send a POST request like the following to the /api-token-auth/ endpoint. Copy the token generated from the response, excluding the quotation marks. Click the Authorize button and enter "Bearer", followed by the token from step 2. Click Authorize.

How token-based authentication works in Web API?

Token-based authentication for web APIs is the process of authenticating users or processes for applications in the cloud. The user's application sends a request to the authentication service, which confirms the user's identity and issues a token. The user is then able to access the application.


2 Answers

I had the same problem some time ago, and asked in the blog http://bitoftech.net/2014/08/25/asp-net-web-api-documentation-using-swagger/ for a solution.

This was the answer that worked for me:

1.Add new file named “SwaggerExtensions”, then added new JS file named “onComplete.js”, you have to change the build action for this file to “Embedded Resource”.

2.Inside the file “onComplete.js” paste the following code:

$('#input_apiKey').change(function () {

var key = $('#input_apiKey')[0].value;
if (key && key.trim() != "") {
key = "Bearer " + key;
window.authorizations.add("key", new ApiKeyAuthorization("Authorization", key, "header"));
}
});

3.Open file “SwaggerConfig.cs” and inside the register method paste the code below:

SwaggerUiConfig.Customize(c =>
{
c.SupportHeaderParams = true;
c.InjectJavaScript(typeof(SwaggerConfig).Assembly, "AngularJSAuthentication.API.SwaggerExtensions.onComplete.js");
});

Note that you need to change the full assembly name to match your assembly name.

I believe thats it, once you run the UI you will notice that this file has been downloaded and it will set the authorization header correctly.

like image 198
Xavier Egea Avatar answered Sep 18 '22 19:09

Xavier Egea


You need to set up API Key authorisation. The "Describing Security/Authorization Schemes" in the README at https://github.com/domaindrivendev/Swashbuckle has details on this but in short you need to do something like the following in your call to httpConfiguration.EnableSwagger()

c.ApiKey("apiKey")
  .Description("API Key Authentication")
  .Name("apiKey")
  .In("header");

You then need to create a custom attribute derived from IDocumentFilter and apply it to the appropriate methods in your controllers. Lets say you call this ApiKeyFilter. You then need to register this with Swagger by adding the following in EnableSwagger()

c.OperationFilter<ApiKeyFilter>();

I'm not aware of sample code for an ApiKey attribute but I've used https://github.com/domaindrivendev/Swashbuckle/blob/master/Swashbuckle.Dummy.Core/SwaggerExtensions/AssignOAuth2SecurityRequirements.cs before for OAuth2, you should be able to adapt that.

like image 27
Ruaidhrí Primrose Avatar answered Sep 20 '22 19:09

Ruaidhrí Primrose