I use these packages (installed via Composer):
"swagger-api/swagger-ui": "^3.0",
"zircote/swagger-php": "~2.0|3.*"
In my default controller I have these annotations:
/**
* @OA\Info(title="My API", version="0.1")
* @OA\Schemes(format="http")
* @OA\SecurityScheme(
* securityScheme="bearerAuth",
* in="header",
* name="Authorization",
* type="http",
* scheme="Bearer",
* bearerFormat="JWT",
* ),
* @OA\Tag(
* name="Auth",
* description="Auth endpoints",
* )
* @OA\Tag(
* name="Users",
* description="Users endpoints",
* )
*/
class Controller extends BaseController
Then I have a method:
/**
*
* @OA\Get(
* path="/users",
* operationId="getListOfUsers",
* tags={"Users"},
* description="Get list of users",
* security={{"bearerAuth":{}}},
* @OA\Parameter(
* name="Authorization",
* in="header",
* required=true,
* description="Bearer {access-token}",
* @OA\Schema(
* type="bearerAuth"
* )
* ),
* @OA\Response(
* response=200,
* description="Get list of users.",
* @OA\JsonContent(type="object",
* @OA\Property(property="message", type="string"),
* @OA\Property(property="data", type="array",
* @OA\Items(type="object",
* @OA\Property(property="id", type="integer"),
* @OA\Property(property="name", type="string"),
* @OA\Property(property="email", type="string"),
* ),
* ),
* ),
* ),
* @OA\Response(response=401, description="Unauthorized"),
* @OA\Response(response=404, description="Not Found"),
* )
*
* @return JsonResponse
*/
public function users()
So, when I try to test this route via Swagger UI, I get an error:
401, "message": "Unauthenticated."
When I checked the headers (Firefox), I did not see
Authorization: Bearer {{access-token}}
but I have my token in
Cookie: XSRF-TOKEN=eyJpdiI6Ik5COUV5Y1ltRTM4eXNsRlpLY2ptTGc9PSIsInZhbHVlIjoiNDFCbG95c1RHSHRFT0IyWWZ4aWFRQVJ6RHhTS1A4SFJiQXp2amlQc3RCUFRUWWs5R3RQQ0ZlakdFNnlvRm50MSIsIm1hYyI6ImM...
Swagger UI does not send the header properly. What is wrong in the annotations? Thanks
Authorization has nothing to do with XSRF-TOKEN. I also had the same issue and solved it after several hours of googling. Here are the changes you might want to try:
Remove these lines:
* @OA\Parameter(
* name="Authorization",
* in="header",
* required=true,
* description="Bearer {access-token}",
* @OA\Schema(
* type="bearerAuth"
* )
* ),
And change this:
* @OA\SecurityScheme(
* securityScheme="bearerAuth",
* in="header",
* name="Authorization",
* type="http",
* scheme="Bearer",
* bearerFormat="JWT",
* ),
to
* @OA\SecurityScheme(
* securityScheme="bearerAuth",
* in="header",
* name="bearerAuth",
* type="http",
* scheme="bearer",
* bearerFormat="JWT",
* ),
Note that "Bearer" and "bearer" are different.
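As an added example (not code from either post above, and not part of swagger-php or Swagger UI), the following lint runs over the OpenAPI 3 JSON that swagger-php generates and reports the bearer-auth mistakes discussed in this thread. The function name `lintBearerAuth` and the sample document are assumptions made for the illustration, and it goes slightly beyond the thread by also checking that every `security` entry refers to a defined scheme.

```javascript
// Added example: lintBearerAuth and the sample document are hypothetical, not from the thread.
const SCHEMA_TYPES = ["string", "number", "integer", "boolean", "array", "object"];
const METHODS = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];
function lintBearerAuth(doc) {
  const findings = [];
  const schemes = (doc.components && doc.components.securitySchemes) || {};
  for (const [key, s] of Object.entries(schemes)) {
    if (s.type !== "http") continue;
    // OpenAPI 3: "in" and "name" apply to apiKey schemes only.
    for (const field of ["in", "name"]) {
      if (field in s) findings.push(`${key}: "${field}" is ignored for type "http"`);
    }
    // The answer above changes "Bearer" to lowercase "bearer"; flag other spellings.
    if (typeof s.scheme === "string" && s.scheme !== s.scheme.toLowerCase()) {
      findings.push(`${key}: scheme "${s.scheme}" should be "${s.scheme.toLowerCase()}"`);
    }
  }
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of METHODS.filter((m) => item[m])) {
      const op = item[method];
      const where = `${method.toUpperCase()} ${path}`;
      for (const p of op.parameters || []) {
        // OpenAPI 3: a header parameter named Authorization is ignored by tooling.
        if (p.in === "header" && String(p.name).toLowerCase() === "authorization") {
          findings.push(`${where}: header parameter "${p.name}" is ignored, use "security"`);
        }
        const t = p.schema && p.schema.type;
        if (t && !SCHEMA_TYPES.includes(t)) findings.push(`${where}: "${t}" is not a schema type`);
      }
      // Each security requirement must reference a defined scheme key.
      for (const req of op.security || doc.security || []) {
        for (const name of Object.keys(req)) {
          if (!(name in schemes)) findings.push(`${where}: undefined security scheme "${name}"`);
        }
      }
    }
  }
  return findings;
}

// Constructed sample: roughly the document the question's annotations describe.
const asAsked = {
  components: { securitySchemes: { bearerAuth: { type: "http", scheme: "Bearer", in: "header", name: "Authorization" } } },
  paths: { "/users": { get: { security: [{ bearerAuth: {} }], parameters: [
    { name: "Authorization", in: "header", required: true, schema: { type: "bearerAuth" } }] } } },
};
console.log(lintBearerAuth(asAsked).join("\n"));
```

A document that passes with no findings still needs the token entered through Swagger UI's Authorize dialog before the `Authorization` header is sent.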