My web service API will check whether a certain cookie is included in the requests, but I couldn't figure out how to include a cookie to my swagger doc api calls.
I've tried two approaches:
Adding cookie as a editable field like this in my .yaml file.
paths:
/myApi/create:
parameters:
- name: Cookie
in: header
description: cookie
required: true
type: string
In the html file of swagger ui, add
window.authorizations.add(
"Cookie",
new ApiKeyAuthorization("Cookie", 'Name=Val', 'header')
)
But in both of the approach my api doesn't get the cookie, I was wondering how I can do this? Thanks!
OpenAPI/Swagger spec 2.0 does not support cookie authentication. For the next version (3.0), the discussion to support it can be found in the following:
https://github.com/OAI/OpenAPI-Specification/issues/15
UPDATE: OpenAPI spec 3.0 will support cookie: https://github.com/OAI/OpenAPI-Specification/blob/OpenAPI.next/versions/3.0.md#parameter-locations
Maybe it is too late, but you should check the following example:
swagger: '2.0'
info:
version: '1'
title: With Cookie Authentication
description: With Cookie Authentication
securityDefinitions:
myCookie:
type: apiKey
name: Cookie
in: header
paths:
/say-hi:
get:
summary: Say Hello
description: Say Hello
responses:
200:
description: OK
security:
- myCookie: []
Related
I am trying to login using swagger-ui and connexion.
To do this, I go through the login, get a token. I substitute this token in the header. I'm authorizing (it seems like it was successful as say swagger-ui), but when I try to make a request, I get an error
AttributeError: 'NoneType' object has no attribute 'get'.
Looking at the source code - this method is here - https://github.com/zalando/connexion/blob/master/connexion/security/security_handler_factory.py#L339
Apparently, this is due to the fact that auth_funcs = []
Although there is a title in the request itself. If you test through postman, everything is fine too.
openapi.yml
paths:
/articles/catalog/article/<article_id>/note/add:
post:
security:
- bearerAuth: []
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
bearerFormat: JWT
I'm using the
http://splix.github.io/grails-spring-security-facebook/index.html
java version "1.8.0_91"
Grails Version: 3.0.9 & Groovy Version: 2.4.5
I'm not sure where is is being inserted at. I've added the appid to application.yml, application.groovy, src\main\resources\application.properties.
````
DEBUG com.the6hours.grails.springsecurity.facebook.SpringSecurityFacebookGrailsPlugin - Facebook security config: [appId
:********, secret:********, apiKey:Invalid, domain:[classname:com.spontorg.FacebookUser, appUserConnectionPropertyName:u
ser], useAjax:true, autoCheck:true, jsconf:fbSecurity, permissions:[email, user_friends, public_profile], taglib:[langua
ge:en_US, button:[text:Login with Facebook], initfb:true], autoCreate:[enabled:true, roles:[ROLE_USER, ROLE_FACEBOOK]],
filter:[json:[processUrl:/j_spring_security_facebook_json, type:json, methods:[POST]], redirect:[redirectFromUrl:/j_spri
ng_security_facebook_redirect], processUrl:/j_spring_security_facebook_check, type:redirect, position:720, forceLoginPar
ameter:j_spring_facebook_force], beans:[:], host:localhost]
....
DEBUG com.the6hours.grails.springsecurity.facebook.FacebookAuthUtils - Redirect to http://127.0.0.1:8080/j_spring_securi
ty_facebook_check
`````
afterwards the URL redirect is
````
Location:https://www.facebook.com/dialog/oauth?client_id=962223610477458&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fj_spring_security_facebook_check&scope=email%2Cuser_friends%2Cpublic_profile&state=0-c68ca
````
then i get an error 72, and some message about the app is setup for public access, etc.
WELP...
It was me, i must have copy/pasted that in and never looked closely enough. IDK?
I checked the source code & it was pretty clearly pulling that value, rechecked and DOH!
finally got it, you need to match the host: with the value you put in ont the facebook app or it pukes again with a different error.
grails:
plugin:
springsecurity:
facebook:
appId: '###########'
secret: 'asfd!##$asfdasfd!#'
domain:
classname: 'com.domain.FacebookUser'
host: live.yourdomain.com
filter:
type: redirect
permissions: ['email','user_friends','public_profile']
We are using swagger for api documentation.
I'm facing an issue on tryit out. Basically the rest endpoints which we indent to call from swagger requires
Cookie(ex: cookie : token=xxxxx;) and User-Agent(User-Agent:custom values;) parameters.
But when I try to set this parameter
Cookie is not send as part of the request.
User-Agent is being overridden by browser values. I tried on firefox and chrome both.
I did tried search online but didn't find suitable answer solve my issue, There were suggestion to set
useJQuery: true and withCredentials: true to set the cookies, but non worked fine.
Any suggestion on this?
As presented on their website:
In OpenAPI 3.0 terms, cookie authentication is an API key that is sent
in: cookie. For example, authentication via a cookie named JSESSIONID
is defined as follows:
openapi: 3.0.0
...
# 1) Define the cookie name
components:
securitySchemes:
cookieAuth: # arbitrary name for the security scheme; will be used in the "security" key later
type: apiKey
in: cookie
name: JSESSIONID # cookie name
And then at the endpoint level:
paths:
/users:
get:
security:
- cookieAuth: [] # note the arbitrary name defined earlier
description: Returns a list of users.
responses:
'200':
description: OK
For swagger: "2.0" you can define cookie authentication like this:
securityDefinitions:
cookieAuth:
type: apiKey
name:
Cookie # this is actually the Cookie header which will be sent by curl -H
in: cookie
Referencing it at the endpoint is done the same way as for OpenAPI 3.
I'm using Apache JMeter 2.11 to test a web service with authentication. For the sample request I'm using View Results Tree as a listener and a SOAP/XML-RPC Request with the following syntax to my parameters:
URL: http://www.domain.com:####/dir/dir/webservice.asmx
SOAPAction: http://www.domain.com/action
What I have tried
1) Adding an HTTP Header Manager using
Name: Authorization:
Value: Basic [Base64 code encoded in ASCII, UTF-8, with or without domain in the user name] as explained here
With result: Response headers: HTTP/1.1 401 Unauthorized
2) Adding an HTTP Authorization Manager using
Base URL: http://www.domain.com:####
Username: [USERNAME]
Password: [PASSWORD]
Domain: [DOMAIN]
Realm: [NULL]
Mechanism: [BASIC_DIGEST/KERBEROS] as explained here
With result: Response headers: HTTP/1.1 401 Unauthorized
I also tried enabling Keep Alive in the request as suggested here
What am I doing wrong?
First you need to know the auth type, is it basic ? Digest ? Kerberos or other ?
Second, don't use SOAP/XML-RPC Request, use Http Request,
See Templates > Webservice in jmeter menu, it creates a sample test plan for Soap testing.
Add then your authentication with the correct Auth Manager using HttpClient 4 as sampler implementation and check.
The new Piwik version 0.6.1 allows you exclude visitors from a cookie.
How must the values look like for that cookie?
Here is the content of the piwik exclude cockie:
name: "piwik_ignore"
value: empty
domain: "your.piwik.domain"
path: "/"