How do I automatically authorize all endpoints with Swagger UI?

Problem description

I have an entire API deployed and accessible with Swagger UI. It uses Basic Auth over HTTPS, and one can easily hit the Authorize button and enter credentials and things work great with the nice Try it out! feature.

However, I would like to make a public sandboxed version of the API with a shared username and password, that is always authenticated; that is, no one should ever have to bring up the authorization dialog to enter credentials.

I tried to enter an authorization based on the answer from another Stack Overflow question by putting the following code inside a script element on the HTML page:

window.swaggerUi.load();
swaggerUi.api.clientAuthorizations.add("key", 
  new SwaggerClient.ApiKeyAuthorization(
  "Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=", "header"));

However, when I hit the Try it out! button the authorization is not used.

What would be the proper way to go about globally setting the auth header on all endpoints, so that no user has to enter the credentials manually?

(I know that might sound like a weird question, but like I mention, it is a public username/password.)

Recommended answer

For those using Swagger UI 3.x (more specifically, v.3.13.0+) – you can use the following methods to authorize automatically:

  • preauthorizeBasic – for Basic auth
  • preauthorizeApiKey – for API keys and OAS3 Bearer auth

To use these methods, the corresponding security schemes must be defined in your API definition. For example:

openapi: 3.0.0
...
components:
  securitySchemes:

    basicAuth:
      type: http
      scheme: basic

    api_key:
      type: apiKey
      in: header
      name: X-Api-Key

security:
  - basicAuth: []
  - api_key: []

Call preauthorizeNNN from the onComplete handler, like so:

// index.html

const ui = SwaggerUIBundle({
  url: "https://my.api.com/swagger.yaml",
  ...

  onComplete: function() {

    // Default basic auth
    ui.preauthorizeBasic("basicAuth", "username", "password");

    // Default API key
    ui.preauthorizeApiKey("api_key", "abcde12345");
  }
})

In this example, "basicAuth" and "api_key" are the key names of the security schemes as specified in the API definition.
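
Added example, not part of the original answer or of Swagger UI's own code: a Node.js check that each preauthorize call names a scheme defined in the API definition with the matching type, plus a round trip of the Basic header from the question showing that it decodes back to the shared username and password. The helper names, the parsed definition object and the plan list are assumptions made for illustration, and an OAS3 layout is assumed.

```javascript
// Added example; helper names are hypothetical and the data is constructed.
// Parsed form of the securitySchemes from the API definition above (OAS3 layout assumed).
const definition = {
  components: {
    securitySchemes: {
      basicAuth: { type: "http", scheme: "basic" },
      api_key: { type: "apiKey", in: "header", name: "X-Api-Key" },
    },
  },
};

// The Authorization value for Basic auth: base64("user:pass"), an encoding, not encryption.
function basicHeader(username, password) {
  return "Basic " + Buffer.from(`${username}:${password}`, "utf8").toString("base64");
}

// Anyone who can read index.html or the request can reverse the header.
function decodeBasicHeader(header) {
  const m = /^Basic ([A-Za-z0-9+/]+=*)$/.exec(header);
  if (!m) return null;
  const text = Buffer.from(m[1], "base64").toString("utf8");
  const i = text.indexOf(":"); // split on the first ':'; the password may contain more
  return i < 0 ? null : { username: text.slice(0, i), password: text.slice(i + 1) };
}

// Check that each planned preauthorize call names a defined scheme of the right kind.
function checkPreauthPlan(def, plan) {
  const schemes = (def.components && def.components.securitySchemes) || {};
  return plan.map(({ method, key }) => {
    const s = schemes[key];
    if (!s) return { key, ok: false, reason: "scheme not defined" };
    const scheme = String(s.scheme || "").toLowerCase();
    const isBasic = s.type === "http" && scheme === "basic";
    const isKeyLike = s.type === "apiKey" || (s.type === "http" && scheme === "bearer");
    const ok = method === "preauthorizeBasic" ? isBasic
      : method === "preauthorizeApiKey" ? isKeyLike : false;
    return { key, ok, reason: ok ? "match" : `${s.type} scheme does not fit ${method}` };
  });
}

const plan = [
  { method: "preauthorizeBasic", key: "basicAuth" },
  { method: "preauthorizeApiKey", key: "api_key" },
  { method: "preauthorizeBasic", key: "api_key" },   // wrong kind
  { method: "preauthorizeApiKey", key: "apiKey" },   // name not in the definition
];
console.log(checkPreauthPlan(definition, plan));
console.log(decodeBasicHeader(basicHeader("username", "password")));
```

Because the credentials passed to preauthorizeBasic are recoverable by every visitor, the access granted to the sandbox account on the server side is the only control that limits what a visitor can do.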
