Swagger, JWT, how to use token in calls after authentication

I am new to swagger.
We already have an API, so I'm trying to manually write swagger.yaml

So far I have figured out how to make my /login route and return the JWT in the response.
But I'm not sure how to move on. Is it possible to automatically connect the returned JWT to subsequent calls?
Or do I need to manually copy and paste the returned JWT?

If I have to do it manually .. then .. ahh .. how?
An Authenticate button appears in the swagger editor, and I can click it and get the input box that apikey is looking for ...
But this is not the same when viewing the swagger user interface ... when I go to localhost to see the swagger user interface, I do not get the authentication button and cannot insert the JWT text ...

My swagger.yaml is as follows:

    swagger: "2.0"
    info:
      version: 1.0.0
      title: Identity Management Service
      description: API to allow JWT authentication and authorisation
      termsOfService: http://swagger.io/terms/
      license:
        name: MIT
        url: http://github.com/gruntjs/grunt/blob/master/LICENSE-MIT
    host: localhost:8000
    basePath: /
    schemes:
      - http
      - https
    securityDefinitions:
      Bearer:
        type: apiKey
        name: Authorization
        in: header
    consumes:
      - application/json
    produces:
      - application/json
    paths:
      /login:
        post:
          summary: User Authentication returning a JWT.
          description: Authenticate a user.
          parameters:
            - name: credentials
              in: body
              description: maximum number of results to return
              required: false
              schema:
                $ref: '#/definitions/creds'
          responses:
            "200":
              description: will send JWT
            default:
              description: unexpected error
              schema:
                $ref: '#/definitions/Error'
      /getUsers:
        get:
          summary: Gets list of all users
          description: Authenticate a user.
          security:
            - Bearer: []
          responses:
            "200":
              description: will send JWT
            default:
              description: unexpected error
              schema:
                $ref: '#/definitions/Error'
    definitions:
      creds:
        type: object
        required:
          - username
          - password
        properties:
          username:
            type: string
          password:
            type: string
      Error:
        required:
          - code
          - message
        properties:
          code:
            type: integer
            format: int32
          message:
            type: string

Obviously, I would prefer to use it so that the response token from the /login call is saved and used in /getUsers ...

The response from calling /login is as follows:

    {
      "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0eXBlIjoidXNlciIsInVzZXJpZCI6InBqbWVhbHkiLCJlbWFpbCI6InBqbWVhbHlAZ21haWwuY29tIiwiZmlyc3RuYW1lIjoiUEoiLCJsYXN0bmFtZSI6Ik1lYWx5Iiwib3JnIjoib3JnMSIsInRlYW1zIjpbInRlYW0xIl0sImFjbCI6WyJlbXBsb3llZSIsInRlYW1MZWFkIl0sInRva2VuVHlwZSI6IndlYkFwcFRva2VuIiwidG9rZW5WZXJzaW9uIjoiMSIsImlhdCI6MTQ2NzkxMDkyNSwiZXhwIjoxNDY3OTk3MzI1fQ.e4Trk-0kDoid5Xr9BQ5ZP_HMBN2l8_G2pn7ac2tt4uE",
      "user": {
        "type": "user",
        "userid": "joebloggs",
        "email": "joe@bloggs.com",
        "firstname": "Joe",
        "lastname": "Bloggs",
        "org": "org1",
        "teams": [ "team1" ],
        "acl": [ "employee", "teamLead" ],
        "tokenType": "webAppToken",
        "tokenVersion": "1",
        "iat": 1467910925,
        "exp": 1467997325
      }
    }
1 answer

You can try this, it includes an authorization header, where you can save the token, and it will apply to all endpoints.

    @Bean
    public Docket newsApi() {
        return new Docket(DocumentationType.SWAGGER_2)
                .select()
                .apis(RequestHandlerSelectors.any())
                .paths(PathSelectors.any())
                .build()
                // Register the header scheme and apply it to the documented paths.
                .securitySchemes(Lists.newArrayList(apiKey()))
                .securityContexts(Lists.newArrayList(securityContext()))
                .apiInfo(generateApiInfo());
    }

    @Bean
    SecurityContext securityContext() {
        return SecurityContext.builder()
                .securityReferences(defaultAuth())
                .forPaths(PathSelectors.any())
                .build();
    }

    List<SecurityReference> defaultAuth() {
        AuthorizationScope authorizationScope =
                new AuthorizationScope("global", "accessEverything");
        AuthorizationScope[] authorizationScopes = new AuthorizationScope[1];
        authorizationScopes[0] = authorizationScope;
        // The reference name must match the ApiKey name ("JWT") below.
        return Lists.newArrayList(
                new SecurityReference("JWT", authorizationScopes));
    }

    private ApiKey apiKey() {
        // Scheme name, header name, location of the key.
        return new ApiKey("JWT", "Authorization", "header");
    }

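The following is an added example, not code from the question or the answer. It resolves which operations in the question's swagger.yaml carry the Bearer requirement and builds the header a client has to send with the token returned by /login. It assumes the API expects the conventional "Bearer <token>" value (the page does not say); the function names and the sample token are made up for illustration.

```javascript
// Trimmed copy of the question's swagger.yaml (security-relevant parts only).
const spec = {
  securityDefinitions: { Bearer: { type: "apiKey", name: "Authorization", in: "header" } },
  paths: {
    "/login": { post: { summary: "User Authentication returning a JWT." } },
    "/getUsers": { get: { summary: "Gets list of all users", security: [{ Bearer: [] }] } },
  },
};
const METHODS = ["get", "put", "post", "delete", "options", "head", "patch"];

// Operation-level `security` overrides the top-level one; an empty list or
// no requirement at all means the call goes out without credentials.
function requiredSchemes(spec, path, method) {
  const op = spec.paths[path][method];
  const reqs = op.security !== undefined ? op.security : spec.security || [];
  return reqs.flatMap((r) => Object.keys(r));
}

// Build the headers for one call. `credentials` maps scheme name -> token.
// A Swagger 2.0 apiKey value is sent verbatim, so the "Bearer " prefix is
// added here (assumption: the server expects that prefix).
function authHeaders(spec, path, method, credentials) {
  const headers = {};
  for (const name of requiredSchemes(spec, path, method)) {
    const def = spec.securityDefinitions[name];
    if (!def) throw new Error(`undefined security scheme: ${name}`);
    if (def.type !== "apiKey" || def.in !== "header") continue; // other types not handled
    const token = credentials[name];
    if (!token) throw new Error(`${method.toUpperCase()} ${path} requires ${name}`);
    headers[def.name] = token.startsWith("Bearer ") ? token : `Bearer ${token}`;
  }
  return headers;
}

// Audit aid: operations that are documented as needing no credential.
function unauthenticatedOperations(spec) {
  const out = [];
  for (const [path, item] of Object.entries(spec.paths))
    for (const method of Object.keys(item).filter((k) => METHODS.includes(k)))
      if (requiredSchemes(spec, path, method).length === 0)
        out.push(`${method.toUpperCase()} ${path}`);
  return out;
}

// Constructed stand-in for the "token" field of the /login response.
const loginResponse = { token: "header.payload.signature" };
console.log(authHeaders(spec, "/getUsers", "get", { Bearer: loginResponse.token }));
console.log(unauthenticatedOperations(spec)); // only the login call
```

The same value, prefix included, is what goes into the apiKey input box when the token is pasted by hand.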
