Vovchikan

Vovchikan

Open Api Spec for bearer Token

I can’t understand where and what i need to write for adding Bearer Token Auth for my API JSON SPEC.

I’ve added security schema in %OpenApiSpex.OpenApi{}

%OpenApi{
      servers: [%Server{url: url}],
      info: %Info{
        title: to_string(Application.spec(:getmsg_api, :description)),
        version: to_string(Application.spec(:getmsg_api, :vsn))
      },
      components: %Components{
        securitySchemes: %{"authorization" => %OpenApiSpex.SecurityScheme{
          type: "apiKey",
          name: "Autorization",
          in: "header"}
        }
      },
      # Populate the paths from a phoenix router
      paths: Paths.from_router(Router)
    }

I’ve added macro security to my Phoenix.Controller. But i don’t understand, what it does.

security [%{}, %{"api_key" => ["write:message", "read:message"]}]

This is one of method from this controller

operation :index,
    summary: "List messages",
    parameters: [
      token: [
        in: :header,
        name: "Authorization",
        schema: %OpenApiSpex.Schema{type: :string},
        required: true,
        example: "Bearer valid_token"
      ]],
    responses: %{
      200 => {"List of messages", "application/json", OpenApi.MessageListResponse},
      401 => {"Permission denied", "application/json", OpenApi.PermissionDeniedResponse}
    }

  def index(conn, _params) do
    messages = Msgs.list_all()
    render(conn, "index.json", messages: messages)
  end

I’m missing something, but don’t know what.

When i’m trying to test method /GET through swaggerui, there is no req_header 'autorization` with value “Bearer some_token_value”

curl from swaggerui

curl -X 'GET' \
  'http://localhost:4000/getmsg/api/messages' \
  -H 'accept: application/json' \
  -H 'x-csrf-token: TCwFJzMqJhoFKAQLClAYIV9ULgwEQD8taKJRWksmULaZ8iJE7akos9GG'

Marked As Solved

Vovchikan

Vovchikan

Solved!

Security scheme in OpenApi{} struct and in macro OpenApiSpex.ControllerSpecs.security/1 must have same key (in my case it is “bearerAuth”)! And i had spelling mistake in field name in my security scheme.

%OpenApi{
      servers: [%Server{url: url}],
      info: %Info{
        title: to_string(Application.spec(:getmsg_api, :description)),
        version: to_string(Application.spec(:getmsg_api, :vsn))
      },
      components: %Components{
        securitySchemes: %{"bearerAuth" => %OpenApiSpex.SecurityScheme{
          type: "apiKey",
          name: "Authorization",
          in: "header"}
        }
      },
      # Populate the paths from a phoenix router
      paths: Paths.from_router(Router)
    }

and in controller

security [%{"bearerAuth" => []}]

so correct curl generated

curl -X 'GET' \
  'http://localhost:4000/getmsg/api/messages' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer SFMyNTY.g2gDYQFuBgCHP8PphgFiAAFRgA.HAuxlwCHIsGcRibuYnWuDaLOcjx_ZB44RdcAwPPy3xA' \
  -H 'x-csrf-token: NmQ5ETMwXAAjLSk4ESQYL3E-e3gxdEYgU2siii6NEdvirtMHIG5IaG6T'

Where Next?

Popular in Questions Top

aadeshere1
I have a another noob question about loop. Since elixir is immutable, while loop is not directly possible. total = 10 while total != 0 ...
New
mcarvalho
What is the difference between System.get_env and Application.get_env? For example, what are best practices to use one versus another.
New
albydarned
Hello all! I am typing this post from my new MacBook Pro with the M1 chip. I’m loving it so far, and will probably use it as my daily dr...
New
fireproofsocks
I’m working on defining a simple Ecto schema for a table (in PostGres), but I don’t see where I can define a column as NOT NULL. Conside...
New
shahryarjb
Hello, I have map which I want to convert it to string like this: the map: %{last_name: "tavakkoli", name: "shahryar"} the string I ne...
New
stefanchrobot
What’s the safe way to decode a JSON string into a struct? I want to avoid calling String.to_atom. Jason.decode can give me a map with st...
New
Qqwy
Original source of discussion: This topic on the Pragmatic Programmers’ Functional Web Development with Elixir, OTP, and Phoenix forum. ...
New
dblack
I’ve got an issue with an app and I’ve no idea of how to troubleshoot it. I’m hoping someone here might have seen something similar. I p...
New
hariharasudhan94
I would like to know what is the best IDE for elixir development?
New
vonH
In asking this question I am more interested about the expressiveness of the language itself and less concerned about the availability of...
New

Other popular topics Top

9mm
I am constructing a JSON object (map) and I need to conditionally set a field. I’m trying to write proper elixir-way code… and I’m at a l...
New
chrismccord
As promised, the first release candidate of Phoenix 1.3.0 is out! This release focuses on code generators with improved project structure...
New
lessless
I believe there are people here who are dealing with CSV files import on the daily basis, and since Excel is a really popular tool there ...
New
Fl4m3Ph03n1x
About me? ( if you have nothing better to do than reading about some random guy in the internet :stuck_out_tongue: ) Hello all, this is ...
New
jerry
Good day to you all. I have been struggling to get a query involving like and ilike to work. Can anyone assist me on this, please? pro...
New
SoCreat
i’m a new one to elixir which editor can i use vs code? or atom? Thanks! :smiley:
New
Emily
I have VueJS GUIs with the project generated using Webpack. I have Elixir modules that will need to be used by the VueJS GUIs. I forese...
New
Qqwy
Original source of discussion: This topic on the Pragmatic Programmers’ Functional Web Development with Elixir, OTP, and Phoenix forum. ...
New
boundedvariable
I am going through the kafka architecture. All the features what the kafka is providing are already in Erlang. I would like hear your opi...
New
hariharasudhan94
I would like to know what is the best IDE for elixir development?
New

We're in Beta

About us Mission Statement