Swagger和JWT令牌认证 [英] Swagger and JWT Token Authentication
问题描述
我正在构建一些很好的Swagger文档,除了我希望页面可以交互地工作之外,因此,在选择编辑器或UI时,如果我单击了Authorize按钮,则将调用构建的Authentication URL.然后在后续请求中使用的JWT令牌.
I am building some Swagger documentation, all well and good, except that I am wanting to have the page work interactively, so when selecting the editor or UI, if I hit the authorize button, I would call my Authentication URL that builds the JWT token that is then used in subsequent requests.
我正计划向API客户端颁发Api访问密钥和秘密访问密钥,并希望访问一个身份验证页面,该页面将对其进行处理并构建JWT令牌.
I am planning to issue the API client an Api Access Key and a Secret Access Key, and want to hit an authentication page that will process these and build the JWT token.
令我惊讶的是,如果我能够在Swagger中获得有关如何实现此目标的正确定义,那么我将拥有一个现成的测试客户端,然后将其用于我的新代码.
It strikes me that if I can get the correct definition of how to achieve this in Swagger, that I will have a ready-built test client to then use against my fresh new code.
是的,这是我第一次使用JWT,但我尚未构建代码.您可以说"API优先"吗?
Yes, it's my first time with JWT and I have not yet built the code. Can you say "API-First"?
推荐答案
这是我将Swagger与JWT身份验证结合使用的方式:
This is how I used Swagger with JWT Authentication:
- 编写一个Express.js API端点以生成JWT.
- 创建一个Swagger路径以使用上述端点检索JWT
-
在swagger.yaml根目录下:
- Write a Express.js API end point to generate a JWT.
- Create a Swagger Path to retrieve the JWT using above end point
In swagger.yaml root level:
securityDefinitions:
JWT:
type: apiKey
in: header
name: access_token
在swagger.yaml路径中:
In swagger.yaml paths:
security
-JWT: []
这将在浏览器的Swagger UI中显示一个授权"按钮.
This will display an Authorize button in Swagger UI on browser.
- 在上方单击授权"按钮时弹出的身份验证"窗口中,输入上面生成的JWT
- 现在,JWT将与请求标头一起传递
希望这对其他人有帮助.
Hope this may help others.
这篇关于Swagger和JWT令牌认证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!