swagger-ui icon indicating copy to clipboard operation
swagger-ui copied to clipboard

Published 20 hours ago verified publisher icon swagger-api

apiKey pairs not represented well in UI

Open daniel-sullivan opened this issue 8 years ago • 22 comments

When using apiKey pairs as per: https://swagger.io/docs/specification/authentication/api-keys/

Or in the case of my config below, the Swagger UI still continues to show the two keys as seperate authorizable entries rather than an AND case as they should be handled.

image

"securityDefinitions": {
    "username": {
      "type": "apiKey",
      "name": "X-Username",
      "in": "header"
    },
    "key": {
      "type": "apiKey",
      "name": "X-ApiKey",
      "in": "header"
    }
  },
  "security": [
    {
      "username": [

      ],
      "key": [

      ]
    }
  ]

Experiencing this with the latest version as of posting.

daniel-sullivan avatar Aug 04 '17 03:08 daniel-sullivan

@shockey Any progress or info on this issue?

vivek201 avatar Jul 05 '18 07:07 vivek201

@webron @hkosova as this issue is already over a year old, I assume you're not going to tackle it all, right?

fschaeffler avatar Aug 07 '18 22:08 fschaeffler

@fschaeffler, it's still open, so it's still an issue 😄 if it's a priority for you, we'd welcome a pull request that fixes it!

shockey avatar Aug 08 '18 03:08 shockey

I'm interested in this issue as I've ran into the same. However as I looked into the code, it seems that the "Available authorizations" popup does not represent the app global security, but rather the securityDefinitions/securitySchemes. I am thus wondering; is this really an issue, or is the intet just badly communicated ?

christophe-riolo avatar Jan 07 '20 12:01 christophe-riolo

@shockey I think it's a flaw of OpenAPI Specification.

woostundy avatar Jul 22 '20 10:07 woostundy

This is not fixed.... #4545 and #6155 are closed... The UI still shows A or B the same way A and B

security:    # A OR B
  - A
  - B

security:    # A AND B
  - A
    B

Tested with swagger-ui-3.36.0.zip

kernellpanic avatar Oct 26 '20 21:10 kernellpanic

Any updates?

Kilipurt avatar Jul 24 '21 15:07 Kilipurt

facing the same issue? Any updates ?

jeen-github avatar Sep 13 '21 19:09 jeen-github

No updates as of yet. Anyone keen on putting a sketch together of what this would look like in the UI? Else can wait for the next major grooming on security/auth related issues.

ponelat avatar Sep 14 '21 13:09 ponelat

Has anyone experienced that you can't Try It Out if your authentication keys are paired up as well? ie. in my case The headers are never sent.

braindeaf avatar Sep 27 '21 09:09 braindeaf

@braindeaf make sure you have security requirements defined for operations or on the root level, e.g.:

security:
  - apiKey1: []
    apiKey2: []

If this doesn't help, open a new issue.

hkosova avatar Sep 27 '21 09:09 hkosova

Opening a ticket @hkosova. Thank you :)

braindeaf avatar Sep 27 '21 10:09 braindeaf

Any updates?

davidivkovic avatar Aug 24 '22 01:08 davidivkovic

Any updates ?

ChR-iSz avatar Jan 17 '23 15:01 ChR-iSz

Any updates?

Freedom101 avatar Feb 07 '23 12:02 Freedom101

Any updates?

vizardkill avatar Mar 06 '23 06:03 vizardkill

I too would look forward to this improvement.

BiometricMA avatar Mar 13 '23 11:03 BiometricMA

I am also running into the same issue, any update on this? https://stackoverflow.com/questions/75786379/laravel-swagger-l5-swagger-multiple-apikey-in-header-securityscheme

latheesan-k avatar Mar 20 '23 23:03 latheesan-k

Any updates?

vizardkill avatar May 11 '23 01:05 vizardkill

Any updates?

leo-arguello-ueno avatar Apr 08 '24 13:04 leo-arguello-ueno