I am building out an OpenAPI support for my project but I need swagger.yaml file to be available only to authorized users.
Swagger UI and Swagger Editor both seem to expect the swagger.yaml file to be accessible publicly.
I've thought of various ways of getting around it. One could be using "signed" URLs, similar to how S3 does it -- this way only people with a link can access it.
What is a good practice ?
I figured it out. On the Swagger-UI github page there is a description of the authorizations parameter that can be set in index.html:
An authorization object to be passed to swagger-js. Setting it here will trigger inclusion of any authorization or custom signing logic when fetching the swagger description file. Note the object structure should be { key: AuthorizationObject }
What I've done was setup a Node.js server that protects Swagger-UI. If the token is not set in cookies, it directs the user through the OAuth 2.0 flow, sets the cookie, and only then directs to swagger-ui.
Swagger-ui in turn has authorizations parameter set as follows:
authorizations: {
"_auth": new SwaggerClient.ApiKeyAuthorization(
"Authorization", "Bearer "+ Cookies.get("MyAccessToken"),
"header")
}
The header is then passed to the the server when downloading swagger.yaml file.
Related
I have already configured Keycloak role based access control with my java API project and it is deployed with Wildfly and runs without any errors. Since I have tested and confirmed the responses with Postman, I needed to use Swagger in-order to generate API documensts.
Using Swagger Inspector I created an API definition and exported that via SwaggerHUB to use it in SwaggerUI which I run locally. With web-origins and all the necessary steps configured in Keycloak and with authentication parameters set in Swagger script, I get the below error..
"
Access to fetch at (api request) from origin (swagger ui path) has been blocked by CORS policy: Response to preflight request doesn't pass access control check: Redirect is not allowed for a preflight request.
"
I have noticed that if I bypass Keycloak, this works. What might be the best solution to overcome this issue?
I was able to resolve my issue referring this answer. I too added "enable-cors": true in keycloak.json in my Java back-end server which was Wildfly and tested the same implementation in server environment successfully.
My requirement is to generate a Swagger File for a given ReST API URL. I have invoked the URLs using POSTMAN client and it was working fine.
However, for this URL to use in Informatica cloud, it's required to have associated Swagger file either json or yaml format.
could you please guide how we can do this?
We have a .NET core 1.1 webapi project. We have two controller files and I've been able to generate separate swagger JSON files for each controller by decorating methods with GroupName.
When I browser the swagger UI (/swagger) I see that it has a drop down on top right corner that allows us to select the group.
Our requirement is to have a separate URL itself for swagger UI (not just JSON file) so that we can send a URL dedicated to a controller to our customers that doesn't confuse them. Is there a way to tell swashbuckle/swagger UI to use a specific URL for given JSON file/group name?
I tried checking if there's any query string parameter that swagger UI uses on change of dropdown but unfortunately it uses referer http header...
Yes swagger-ui has the url param that does exactly that.
Here are a few examples:
http://petstore.swagger.io/?url=http://heldersepu.github.io/hs-scripts/swagger/4134_swagger.json
http://offleaseonly.azurewebsites.net/swagger/ui/index?url=https://raw.githubusercontent.com/oasis-tcs/odata-openapi/master/examples/People.openapi3.json
http://swagger-net-test.azurewebsites.net/swagger/ui/index?url=http://heldersepu.github.io/hs-scripts/swagger/DiegoGuidi.json
I am currently using identityserver middleware in my project to implement an oauth service. I would like to use swagger to define some of the methods available in this middleware such as /Connect/Token which is used to acquire and access token.
Unfortunately since this is middleware I do not have implementations of controllers that handle the http requests - since the requests are handled in the middleware.
Is it possible to explicitly define upfront a swaggerdoc with all the endpoint information (such as url, params etc) if you are using a middleware that handles all http requests?
I was unable to find a method for dynamically generating swagger documentation for the identityserver endpoints.
However as a workaround I created a manual swagger.json file using the swagger editor. I was able to export a swagger.json file from the editor. I added the file to my application and was able generate the swagger ui with the following code.
// serve static files
app.UseStaticFiles();
// id server middleware
app.UseIdentityServer();
// points to my static swagger.json file
app.UseSwaggerUI(c =>
{
c.SwaggerEndpoint("/swagger.json", "My API");
});
I've developed a REST API anotated with Swagger annotations.
I've been able to show the api documentation on a swagger-ui application, very nice.
The problem:
I'm trying to generate clients acording this specification using the url provided by swagger acording my anotations.
The porblem is it seems to be imcompatible, or at least, I don't see how to do the swagger editor reads my url and from then on, generate clients. But swagger editor reports me about some errors...
It's possible to integrate my anotated swagger api with a swagger editor?
Thanks.
The question seems a bit confusing.
If you are trying to generate clients from your REST API Swagger spec, then you should take a look to Swagger-Codegen project.
Description of project:
swagger-codegen contains a template-driven engine to generate client code in different languages by parsing your Swagger Resource Declaration.
Link to repository: https://github.com/swagger-api/swagger-codegen/
Link to official page: http://swagger.io/swagger-codegen/
Not sure if I understand the question correctly. If you want to generate API clients online, you an use http://generator.swagger.io (besides http://editor.swagger.io). Here is an example to generate API client for Java:
curl -X POST -H "content-type:application/json" -d '{"swaggerUrl":"http://petstore.swagger.io/v2/swagger.json"}' http://generator.swagger.io/api/gen/clients/java
Swagger editor is used only for editing a swagger spec in either json or yml format. It does not deal with swagger annotations in any way. However, some of the server skeletons that are generated on the swagger-editor website contain annotations. The annotations are a way of reverse engineering your API to generate a json file so that swagger UI can render a webpage based on the public url path to your swagger.json file.
If you are maintaining a swagger spec json file anyways, the annotations aren't really needed, you might as well just serve up the raw swagger.json itself, rather than the json that is generated by the annotations.
As to your question, "Is it possible to integrate your API with swagger editor?"... Anything is possible, but I'm not sure as to how or why you want to integrate them.