
Swagger and JWT Token Authentication

I am building some Swagger documentation, all well and good, except that I am wanting to have the page work interactively, so when selecting the editor or UI, if I hit the authorize button, I would call my Authentication URL that builds the JWT token that is then used in subsequent requests.

I am planning to issue the API client an Api Access Key and a Secret Access Key, and want to hit an authentication page that will process these and build the JWT token.

It strikes me that if I can get the correct definition of how to achieve this in Swagger, that I will have a ready-built test client to then use against my fresh new code.

Yes, it's my first time with JWT and I have not yet built the code. Can you say "API-First"?

Inquisitor Shm asked Dec 23 '22 18:12


1 Answer

This is how I used Swagger with JWT Authentication:

  • Write an Express.js API endpoint to generate a JWT.
  • Create a Swagger Path to retrieve the JWT using the above endpoint.
  • In swagger.yaml root level:

    securityDefinitions:
      JWT:
        type: apiKey
        in: header
        name: access_token
    
  • In swagger.yaml paths:

    security:
      - JWT: []
    

This will display an Authorize button in Swagger UI in the browser.

  • Enter the JWT generated above in the authentication window that pops up when the above Authorize button is clicked.
  • Now the JWT will be passed with the request headers.

Hope this may help others.

Nisal Gunawardana answered Dec 28 '22 07:12
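An added example of the two server-side pieces the steps above rely on (not code from the answer): exchanging the API access key and secret for a JWT, and checking the `access_token` header that the `securityDefinitions` entry makes Swagger UI send. It uses Node's built-in `crypto` in place of Express and a JWT library so it runs without dependencies; the key values, the client table and the function names `issueToken` and `verifyRequest` are assumptions constructed for illustration.

```javascript
// Added example: issue and verify an HS256 JWT with Node's built-in crypto.
const crypto = require("node:crypto");

// Constructed sample values (assumptions, not from the original post).
const SIGNING_KEY = "constructed-demo-signing-key";
const CLIENTS = { "AK-demo": "SK-demo-secret" }; // access key -> secret key

const b64u = (x) => Buffer.from(x).toString("base64url");
const sign = (data) =>
  crypto.createHmac("sha256", SIGNING_KEY).update(data).digest("base64url");
// Constant-time comparison; lengths are checked first because timingSafeEqual throws on a mismatch.
const safeEqual = (a, b) => {
  const x = Buffer.from(a), y = Buffer.from(b);
  return x.length === y.length && crypto.timingSafeEqual(x, y);
};

// What the token endpoint does with the posted key pair (hypothetical helper).
function issueToken(accessKey, secretKey, now = Date.now()) {
  const expected = CLIENTS[accessKey];
  if (typeof secretKey !== "string" || typeof expected !== "string") return null;
  if (!safeEqual(secretKey, expected)) return null;
  const iat = Math.floor(now / 1000);
  const head = b64u(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64u(JSON.stringify({ sub: accessKey, iat, exp: iat + 900 }));
  return `${head}.${body}.${sign(`${head}.${body}`)}`;
}

// What a protected route does with the request headers Swagger UI sends (hypothetical helper).
function verifyRequest(headers, now = Date.now()) {
  const parts = String(headers["access_token"] || "").split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  if (!safeEqual(sig, sign(`${head}.${body}`))) return null; // check the signature before parsing
  try {
    const { alg } = JSON.parse(Buffer.from(head, "base64url").toString());
    const claims = JSON.parse(Buffer.from(body, "base64url").toString());
    if (alg !== "HS256") return null; // accept only the algorithm this server issues
    if (typeof claims.exp !== "number" || claims.exp <= now / 1000) return null;
    return claims;
  } catch {
    return null; // malformed header or payload
  }
}
```

A header named `access_token` contains an underscore, which nginx drops by default (`underscores_in_headers off`), so check any reverse proxy in front of the API.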