I can’t understand where and what I need to write to add Bearer Token Auth to my API JSON SPEC.
I’ve added a security scheme in %OpenApiSpex.OpenApi{}:
```elixir
%OpenApi{
  servers: [%Server{url: url}],
  info: %Info{
    title: to_string(Application.spec(:getmsg_api, :description)),
    version: to_string(Application.spec(:getmsg_api, :vsn))
  },
  components: %Components{
    securitySchemes: %{
      "authorization" => %OpenApiSpex.SecurityScheme{
        type: "apiKey",
        name: "Autorization",
        in: "header"
      }
    }
  },
  # Populate the paths from a phoenix router
  paths: Paths.from_router(Router)
}
```
I’ve added the security macro to my Phoenix.Controller, but I don’t understand what it does.
```elixir
security [%{}, %{"api_key" => ["write:message", "read:message"]}]
```
This is one of the methods from this controller:
```elixir
operation :index,
  summary: "List messages",
  parameters: [
    token: [
      in: :header,
      name: "Authorization",
      schema: %OpenApiSpex.Schema{type: :string},
      required: true,
      example: "Bearer valid_token"
    ]
  ],
  responses: %{
    200 => {"List of messages", "application/json", OpenApi.MessageListResponse},
    401 => {"Permission denied", "application/json", OpenApi.PermissionDeniedResponse}
  }

def index(conn, _params) do
  messages = Msgs.list_all()
  render(conn, "index.json", messages: messages)
end
```
I’m missing something, but don’t know what.
When I try to test the GET method through Swagger UI, there is no req_header `authorization` with the value “Bearer some_token_value”.
curl from Swagger UI:
```bash
curl -X 'GET' \
  'http://localhost:4000/getmsg/api/messages' \
  -H 'accept: application/json' \
  -H 'x-csrf-token: TCwFJzMqJhoFKAQLClAYIV9ULgwEQD8taKJRWksmULaZ8iJE7akos9GG'
```
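An added example, not part of the original post: one way to declare HTTP bearer auth with OpenApiSpex so that the security requirement refers to a scheme that is actually defined. The `GetmsgWeb.*` module names, the server URL, and the inline response schemas are hypothetical placeholders.

```elixir
# Added example; GetmsgWeb.* names and the server URL are assumptions.
defmodule GetmsgWeb.ApiSpec do
  alias OpenApiSpex.{Components, Info, OpenApi, Paths, SecurityScheme, Server}
  @behaviour OpenApi

  @impl OpenApi
  def spec do
    %OpenApi{
      servers: [%Server{url: "http://localhost:4000"}],
      info: %Info{title: "getmsg", version: "0.1.0"},
      components: %Components{
        # HTTP bearer scheme: the client sends "Authorization: Bearer <token>".
        securitySchemes: %{
          "authorization" => %SecurityScheme{type: "http", scheme: "bearer"}
        }
      },
      # Default requirement for every operation. The key must be the
      # name of an entry in securitySchemes above.
      security: [%{"authorization" => []}],
      paths: Paths.from_router(GetmsgWeb.Router)
    }
    |> OpenApiSpex.resolve_schema_modules()
  end
end

defmodule GetmsgWeb.MessageController do
  use Phoenix.Controller
  use OpenApiSpex.ControllerSpecs
  alias OpenApiSpex.Schema

  # Controller-wide requirement. The scope list stays empty for
  # non-OAuth2 schemes; a leading %{} entry would make auth optional.
  security [%{"authorization" => []}]

  operation :index,
    summary: "List messages",
    # No "Authorization" header parameter here: OpenAPI 3 ignores header
    # parameters with that name, so the security scheme carries the token.
    responses: %{
      200 => {"List of messages", "application/json", %Schema{type: :array, items: %Schema{type: :object}}},
      401 => {"Permission denied", "application/json", %Schema{type: :object}}
    }

  # Placeholder body; token verification belongs in a plug ahead of this action.
  def index(conn, _params), do: json(conn, [])
end
```

With a scheme declared this way, Swagger UI shows an Authorize button, and the token entered there is sent as the `Authorization: Bearer …` header on requests to operations that carry the requirement.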