spectree
[BUG] SecurityScheme(name="auth_apiKey")
I don't know whether this is a bug in spec_tree or OpenAPI.
I use SecurityScheme as shown here: https://github.com/0b01001001/spectree/blob/master/tests/common.py#L84. But when I use this scheme and register the token in the documentation (/apidoc/swagger), the token is not in the headers. I don't see it anywhere.
Code example
```python
from collections import OrderedDict

from flask import Flask
from flask_cors import CORS
from pydantic import EmailStr
from spectree import SpecTree
from spectree.config import Contact
from spectree.models import (
    Server,
    SecurityScheme,
    SecuritySchemeData,
    SecureType,
)

from ..config import cfg
from ..database import db, migrate

spec_tree = SpecTree(
    "flask",
    mode="strict",
    title="Docs AuthService API",
    version=cfg.API_VERSION,
    annotations=True,
    contact=Contact(
        name="Бекишев Матвей",
        email=EmailStr("[email protected]"),
    ),
    servers=[
        Server(
            url="http://127.0.0.1:5555/",
            description="Local Server",
        ),
    ],
    security_schemes=[
        SecurityScheme(
            # TODO: library bug
            name="auth_apiKey",
            data={"type": "apiKey", "name": "Authorization", "in": "header"},
        ),
        # SecurityScheme(
        #     name="ApiKey",
        #     data=SecuritySchemeData(
        #         type=SecureType.HTTP,
        #         description="Access Token in AuthService API",
        #         scheme="bearer",
        #         bearerFormat="UUID",
        #     ),
        # ),
    ],
    security=dict(
        ApiKey=[],
    ),
)
```
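An added check, not part of the thread or of spectree: OpenAPI requires every name in a `security` requirement to match a key under `components.securitySchemes`, and the configuration above defines the scheme `auth_apiKey` while `security` references `ApiKey`. The function `audit_security` and the hand-built `SAMPLE_SPEC` (an assumed shape for the generated document) are hypothetical names used only for this illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def audit_security(spec):
    """Return (undefined, unused) security scheme names for an OpenAPI 3 dict.

    undefined: names used in a `security` requirement but missing from
               components.securitySchemes, mapped to where they are used
    unused:    schemes that are defined but referenced by no requirement
    """
    defined = set(spec.get("components", {}).get("securitySchemes", {}))
    referenced = {}  # scheme name -> list of locations that require it

    def collect(requirements, where):
        for requirement in requirements or []:
            for name in requirement:
                referenced.setdefault(name, []).append(where)

    # Global requirement first, then any per-operation overrides.
    collect(spec.get("security"), "global")
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method in HTTP_METHODS and isinstance(op, dict):
                collect(op.get("security"), f"{method.upper()} {path}")

    undefined = {n: w for n, w in referenced.items() if n not in defined}
    unused = sorted(defined - set(referenced))
    return undefined, unused


# Constructed sample (assumption): the spec shape the settings in the post would yield.
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {
        "auth_apiKey": {"type": "apiKey", "name": "Authorization", "in": "header"},
    }},
    "security": [{"ApiKey": []}],
    "paths": {"/ping": {"post": {"responses": {"200": {"description": "ok"}}}}},
}

if __name__ == "__main__":
    undefined, unused = audit_security(SAMPLE_SPEC)
    for name, places in undefined.items():
        print(f"requirement {name!r} ({', '.join(places)}) has no matching scheme")
    for name in unused:
        print(f"scheme {name!r} is defined but no requirement references it")
```

The same function can be pointed at the JSON document the application actually serves, loaded with `json.load`, instead of the constructed sample.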
I'm using the examples/security_demo.py.
You can log in through the Swagger frontend at http://localhost:8000/apidoc/swagger/#/default/post__ping and print the header in the `/ping`.
It should work. Let me know if you have any trouble.
This is what I got:
```
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:8000/apidoc/swagger/
Authorization: Bearer xxx
Content-Type: application/json
Content-Length: 22
Origin: http://localhost:8000
Dnt: 1
Connection: keep-alive
Cookie: username-localhost-8888="2|1:0|10:1666666042|23:username-localhost-8888|44:MTM4NzkxZTUyY2JhNDJiOGE3ZDg3NWFiNjBiM2RlMjM=|b57b7f546745531bc5b4ac75da440be99c2ad345cff729ea90440216efd9a320"; _xsrf=2|02b02586|d92ca8e29efa72bfc7e3c02bccfd6a1f|1660811169
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Sec-Gpc: 1
```
You can see the `Authorization: Bearer xxx`.
If I use a Bearer token, I don't have the problem. I see it in the headers. But I try to use
```python
SecurityScheme(
    # TODO: library bug
    name="auth_apiKey",
    data={"type": "apiKey", "name": "Authorization", "in": "header"},
),
```
and I don't see that in the header.
Still cannot reproduce with the examples/security_demo.py.
```
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:8000/apidoc/swagger/
Partner-Id: pid
Partner-Access-Token: ptoken
Content-Type: application/json
Content-Length: 22
Origin: http://localhost:8000
Dnt: 1
Connection: keep-alive
Cookie: username-localhost-8888="2|1:0|10:1667745583|23:username-localhost-8888|44:N2I1ZTI5MzIzNzE5NGU0OGFmYzMzNjhkNDFkMTY5MjA=|015080c328fdbb0380d3830b1df55e6270984fd6b1db87b5be559ddd8c3bd269"; _xsrf=2|02b02586|d92ca8e29efa72bfc7e3c02bccfd6a1f|1660811169
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Sec-Gpc: 1
```
I can get the `Partner-Id` and `Partner-Access-Token` (type=apiKey).