when I authorize myself in Swagger UI, I have to write "Bearer {then I write JWT} here"
How can I add the string "Bearer" automatically before the JWT token in swagger UI?
Here is my Swagger Settings:
SWAGGER_SETTINGS = {
"SECURITY_DEFINITIONS": {
"JWT [Bearer {JWT}]": {
"name": "Authorization",
"type": "apiKey",
"in": "header",
}
},
"USE_SESSION_AUTH": False,
}
FORCE_SCRIPT_NAME = "/"
I recommend you to migrate from drf-yasg to drf_spectacular, it already includes JWT authentication automatically and without so many complications, it even uses OpenAPI 3 (drf-yasg uses OpenAPI 2 and is becoming obsolete)
Automatic Generation
Authenticate with JWT
See this From drf-yasg to OpenAPI 3
Its only one solution simple add Bearer and space before paste the token in value field where you add token simple
Related
Previously I was using django-rest-auth package and I was getting the auth token when user log in in response response.data.key and this auth token or key was working fine with the api calls as authentication auth
Previously for django-rest-auth:
"/rest-auth/login/"
was getting the response.data.key as auth token and that was working
I have stored in the cookie for later use
.get("/rest-auth/user/", {
headers: {
"Content-Type": "application/json",
Authorization: "Token " + response.data.key + "",
},
})
It was working to get info on user and also was working when used in other api calls by setting it in
Authorization: "Token " + response.data.key + ""
But now, I'm using dj-rest-auth package instead of django-rest-auth and shifted my urls to
/dj-rest-auth/login
and I'm not getting any key or auth token that I can use for authorization in header.
.get("/dj-rest-auth/user/", {
headers: {
"Content-Type": "application/json",
Authorization: "Token " + response.data.? + "",
},
})
It's not working because now I'm getting access_token , refresh_token and user info. I tried to use access_token and refresh_token for authorization in header but it's not working because I'm not getting key or auth token in response when user log in
Note: django-rest-auth is no more maintained and dj-rest-auth is forked from the previous one and have more functions (this is the reason why I'm switching)
How to get auth token or key by using dj-rest-auth package so that I can use it in the header of API calls for authorization?
Check that you don't have an REST_USE_JWT = True in your settings. That setting will enable JWT authentication scheme instead of a (default) token-based.
In django-rest-auth you get the key from a GET request, but according to dj-rest-auth's documentation, you get the token key as a response when you make a post request to /dj-rest-auth/login/.
When you make a POST request to /dj-rest-auth/login/, you can access the key at response.data. But now you need to store it so you can use it in your get requests.
I recommend checking out this question's answers to learn more about storing tokens. How you choose to do this will depend on how to the frontend of your application is built, as the javascript needs access to the token key.
I know I'm late to answer this, but hopefully I can help someone other folks who find this.
As the title mentions, I would like to have a #api.response(401, 'Unauthenticated') response added to the documentation of all APIs which require authentication.
flask-resplus/restx displays a lock icon, so the user should expect a 401 if not authenticated, but I would like this response to be explicit without having to explicitly write that decorator on every method or resource.
Is this possible with some global setting?
+1 on that. I'm facing a somewhat similar challenge.
Also opened this issue on their GitHub repo with hopes to get an answer.
Would be awesome if someone could suggest a solution 🙏🏼
you don't need to have a special decorator for it.
you just need the following code in you endpoints init.py file. Swagger will automatically support authorization and will through 401 with any decorator.
from flask_restx import Api
blueprint = Blueprint("api", __name__)
authorizations = {
"Authorization": {
"description": "Inputs: Bearer \\<jwtToken\\>",
"type": "apiKey",
"in": "header",
"name": "Authorization",
}
}
api = Api(
blueprint,
title="Dummy API",
version="1.0",
authorizations=authorizations,
security="Authorization",
)
I followed this AWS API Gateway doc and set up an authorization for my API with a cognito identity token. I tested my cognito id token in the API Gateway console, that works: It gives me the correct values, the sub and email values are correctly retrievd from the token:
testing the id token works
I then added the Authorizor to my Method:
my method request
But when I now test my method, still all requests go through (with or without identity token provided) when I send them from the test form in API Gateway (inside the method):
teting with no token or invalid token
I would have expected an "Unauthorized" or "Access Denied" response, instead I get 200.
I also tried setting "API Key Required" in Method Request to true and require an Autorization Header, but even then the request from above comes through with status 200:
setting API Key Required to true
I also added
"context" : {
"sub" : "$context.authorizer.claims.sub",
"email" : "$context.authorizer.claims.email"
}
to my mapping template, so the full template now looks like this:
{
"TableName": "myUsersTable",
"Key": {
"id": {"S": "$input.params('id')"},
"username": {"S": "$input.params('id')"}
},
"context" : {
"sub" : "$context.authorizer.claims.sub",
"email" : "$context.authorizer.claims.email"
}
}
but the log is always empty for sub and email (and the response status is still 200):
Tue Dec 29 10:35:46 UTC 2020 : Endpoint request body after transformations: {
"TableName": "myUsersTable",
"Key": {
"id": {"S": "testUser"},
"username": {"S": "testUser"}
},
"context" : {
"sub" : "",
"email" : ""
}
}
What am I doing wrong here?
For me it never worked when I tested it inside the API Gateway console. But when you use Postman, it should work (set "API Key Required" in Method Request back to false and delete that an Autorization Header is required, then deploy your API again and test it with Postman, putting your token into the request header like this:
Your mapping template for the sub and email values seems correct, too. I think the whole Authorization validation is just skipped when you use the API Gateway console to test, but I'm not sure. Use Postman instead, then it should work.
See also: https://medium.com/#chandupriya93/providing-authorization-to-api-gateway-with-cognito-identity-pools-af451fd3b532
I tried to search conversation from Intercom API using Postman but it always return server error message.
I just followed their API docs.
request url: POST https://api.intercom.io/conversations/search?query=updated_at>1590278400
The query should be in JSON format in the Body, not in the querystring like you do in your example:
{
"query": {
"field": "updated_at",
"operator": ">",
"value": 1590278400
}
}
In Postman it looks like this (note: don't forget to add your authentication)
I am using Django Rest Framework Token authentication and if i do curl http://localhost:8000/api/v1/users/?format=json -H 'Authorization: Token 0a813fdcd3f8846d6fa376f2592bbc678b0b8e85' everything works fine.
But when i try to achieve that with Postman chrome client it nothing happens. What am i doing wrong??
You are setting the header to Authorization: Token when it really should just be Authorization. The header is actually just Authorization, but the value is Token [token_string], where [token_string] is the authorization token that you have obtained.
For the new version of postman it is necessary to choose Auth 2 type authentication in the left panel, then in the right panel, specify the DRf key which is "Token" and in the value the token itself.
In addition to the above answer, make sure to enable "Follow Authorization header" under setting (See below screenshot)
After Specifying Authorization and Token value try to add the token in an environment so that every time you don't have to copy the token value.
After get access token from http://127.0.0.1:8000/accounts/login/
such this :
{
"email": "user#example.com",
"tokens": {
"refresh": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoicmVmcmVzaCIsImV4cCI6MTY2NjI2NTAxMSwiaWF0IjoxNjY2MTc4NjExLCJqdGkiOiJjZWM3MzJmNDZkMGE0MTNjOTE3ODM5ZGYxNzRiNzMxZCIsInVzZXJfaWQiOjcwfQ.5Rd25s6msp72IHyU1BxE4ym24YIEbhyFsBdUztGXz0I",
"access": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0b2tlbl90eXBlIjoiYWNjZXNzIiwiZXhwIjoxNjY2MjY1MDExLCJpYXQiOjE2NjYxNzg2MTEsImp0aSI6IjgyOWFmZGE5MWY2ODRhNDZhMDllZGMzMmI0NmY0Mzg5IiwidXNlcl9pZCI6NzB9.TYhi0INai293ljc5zBk59Hwet-m9a1Mc1CtA56BEE_8"
},
"id": 70
}
copy content of "access" key in response, then in post man in Headers add new item by key : Authorization and value such this:
Bearer eyJ0eXAi....
that eyJ0eXAi.... is value of access key.
then send the request.