How to add basic authentication to swagger docs page?

[7homasSutter]

Hi there,

I have tried to find the proper way to add basic authentication to the swagger.io page. However, from the documentation I'm not sure how it is meant to be configured. In the api specification there is a serve_challenge_on_401 field that I set to true and in the official docs I saw that there is a Flask configuration variable HTTP_BASIC_AUTH_REALM without any more information on how to use it.

    api = Api(title=app_instance.config["API_TITLE"],
              version=app_instance.config["API_VERSION"],
              description=app_instance.config["API_DESCRIPTION"],
              prefix=app_instance.config["API_PREFIX"],
              validate=True,
              serve_challenge_on_401=True,
              doc=app_instance.config["API_DOC_FOLDER"])

How can I provide a username and password for the basic authentication? I guess I need to set some specific environment variables but I couldn't find any infos in the docs.

Thx for any help

Tom

[j-cripps]

Just insert the following into your __init__.py

authorizations = {
    "basicAuth" : {
        "type" : "basic"
    }
}

api_bp = Blueprint('api', __name__)
api = Api(api_bp, version="0.1.0", title="API" authorizations=authorizations)

If you want to then apply the basicAuth to different HTTP methods then just use the @api.doc decorator like so

@api.doc(security="basicAuth")

and then decorate each method you want to apply the basic auth to

@api.doc(security="basicAuth")
def post():
    # Do things

[ashwiniagrawal]

Hi,

I am facing the same issue. Can you please tell me where did you provide the username and password for the basic authentication? Did you set any specific environment variables?

[Pxeba]

Could you reopen this issue? the problem persists and the solution presented is to create middleware for other requests. it will not work with the documentation endpoint

[7homasSutter]

Don't remember how I resolved the issue in the end but a quick look at the my old code showed that I settle with using flasgger. Maybe this code snippet helps:

from flask_basicauth import BasicAuth
from flasgger import Swagger

def create_app():
    app_instance = Flask(__name__, instance_relative_config=True, static_url_path='/static')
    api = Api(...
              authorizations={
                  "basicAuth": {
                      "type": "basic",
                      "scheme": "basic"
                  },
              },
              security={
                  "basicAuth": [],
                  'bearerAuth': []
              },...)
  ...
  app_instance.basic_auth = BasicAuth(app_instance)
  api.init_app(app=app_instance)
  setup_swagger_ui(app_instance, api)


def setup_swagger_ui(app_instance, api):
    """
    Configure swagger-ui and load api specification generated by flask restx.
    :param app_instance: flask app instance
    :param api: flask restx REST api
    """
    app_instance.c = {
        'title': app_instance.config["API_TITLE"],
        'uiversion': 3,
        'openapi': '3.0.2',
    }
    swagger_config = {
        "headers": [
        ],
        "specs": [
            {
                "endpoint": 'apispec_1',
                "route": '/api/swagger.json',
                "rule_filter": lambda rule: True,  # all in
                "model_filter": lambda tag: True,  # all in
            }
        ],
        "static_url_path": "/flasgger_static",
        "swagger_ui": True,
        "specs_route": "/apidocs/"
    }

    with app_instance.app_context():
        tmp_file = tempfile.NamedTemporaryFile(suffix=".json")
        tmp_file.write(bytes(json.dumps(api.__schema__), 'utf-8'))
        tmp_file.seek(0)
        swagger = Swagger(app_instance, config=swagger_config)
        swagger.load_swagger_file(tmp_file.name)
        tmp_file.close()