
Swagger UI doesn't send cookie to backend

Open chikko80 opened this issue 2 years ago • 4 comments

I've defined a security schema that extracts a refresh token from the cookie.

```rust
#[derive(SecurityScheme)]
#[oai(
    type = "api_key",
    key_name = "refresh_token",
    in = "cookie",
    checker = "valid_refresh_token"
)]
pub struct UserWithValidRefreshToken(User);
```

The cookie is present in the browser and the request runs fine if you do the curl request and append the cookie value manually. However, if I try to trigger the endpoint via the SwaggerUI, the backend doesn't receive any cookie. What am I missing here?

Dec 10 '22 13:12 chikko80

Important to be fixed... https://swagger.io/docs/specification/authentication/cookie-authentication/

Dec 22 '22 17:12 TheCataliasTNT2k

It does not, because this is not really possible. See link above:

Note for Swagger UI and Swagger Editor users: Cookie authentication is currently not supported for "try it out" requests due to browser security restrictions. See this issue for more information. SwaggerHub does not have this limitation.

You can use Postman, Insomnia and all of these instead.

Jan 08 '23 23:01 TheCataliasTNT2k

@TheCataliasTNT2k

Mhm, do you think we should close this?

Jan 08 '23 23:01 chikko80

No. This cannot "repair" the functionality within the browser right now, but the feature is still missing in poem. There is a possibility to add it to swagger, so it should be done. When it works within the browser, this feature will be helpful, but for documentary reasons it is definitely a good idea to implement it even before that.

Jan 09 '23 01:01 TheCataliasTNT2k