为什么从 Swagger UI 发送的请求中缺少 Authorization 标头? [英] Why is the Authorization header missing in requests sent from Swagger UI?

问题描述

我想向我的 Node.js API 添加一个文档，为此我有一个 YAML 文件，我在其中放置了我的定义，swagger 文档位于 localhost:5000/api-doc 并且工作正常.

I want to add a documentation to my Node.js API, for this I have a YAML file where I put my definitions, the swagger doc is at localhost:5000/api-doc and working fine.

现在我必须添加 Bearer 授权但 Swagger 定义如下:

Now I have to add Bearer authorization but Swagger with the following definition:

swagger: "2.0"
info:
    version: 1.0.0
    title: My API documentation
    description: >
        My API documentation

host: localhost:5000
basePath: "/v1"
schemes:
    - http
securityDefinitions:
    Bearer:
        type: apiKey
        description: "Value: Bearer "
        name: Authorization
        in: header
paths:
    /users:
        get:
            responses:
                "200":
                    description: "Will send `Authenticated`"
                "403":
                    description: "You do not have necessary permissions for the resource"

测试请求时(我点击右上角的授权"按钮并输入我的令牌)我收到以下错误:

When testing the request (I clicked on "Authorize" button at the top right and entered my token) I get following error:

错误":未找到授权标头.

"error": "Authorization header not found.

为什么请求中没有包含 Authorization 标头?

Why is the Authorization header not included in the request?

推荐答案

securityDefinitions 单单是不够的，还需要在 root 级别添加 security 键或实际应用安全的操作级别.

securityDefinitions alone aren't enough, you also need to add the security key on the root level or operation level to actually apply the security.

security:
  - Bearer: []

这篇关于为什么从 Swagger UI 发送的请求中缺少 Authorization 标头?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！