
I have integrated phoenix_swagger into my backend. I am autogenerating my swagger doc UI based off my controllers and using it to interactively test my endpoints.

Nonetheless, my routes are secured with Bearer JWTs. I am trying to figure out how to define authorization headers in phoenix_swagger with absolutely no luck.

I really appreciate the help Elixir friends!

For a visual:

swagger_path :create_user do
  post "/api/v1/users/create"
  description "Create a user."
  parameters do
    user :body, Schema.ref(:Create), "User to save", required: true
  end
  response 200, "Success"
end

def create_user(conn, query_params) do
  changeset = User.changeset(%User{}, query_params)
  with {:ok, user} <- Repo.insert(changeset),
      {:ok, token, _claims} <- Guardian.encode_and_sign(user) do
    conn
    |> Conn.put_status(201)
    |> render("jwt.json", jwt: token)
  else
    {:error, changeset} ->
      conn
      |> put_status(400)
      |> render(ErrorView, "400.json", %{changeset: changeset})
  end
end

Standard Swagger 2.0 JSON Reference:
How can I represent 'Authorization: Bearer <token>' in a Swagger Spec (swagger.json)

Joseph Horsch

2 Answers


Okay, I think I got it! Adding security [%{Bearer: []}] to swagger_path passes the authorization token to the call.

Controller:

...
swagger_path :create_user do
  post "/api/v1/users/create"
  description "Create a user."
  parameters do
    user :body, Schema.ref(:Create), "User to save", required: true
  end
  security [%{Bearer: []}]
  response 200, "Success"
end

def create_user(conn, query_params) do
  changeset = User.changeset(%User{}, query_params)
  with {:ok, user} <- Repo.insert(changeset),
      {:ok, token, _claims} <- Guardian.encode_and_sign(user) do
    conn
    |> Conn.put_status(201)
    |> render("jwt.json", jwt: token)
  else
    {:error, changeset} ->
      conn
      |> put_status(400)
      |> render(ErrorView, "400.json", %{changeset: changeset})
  end
end
...

Router:

...
def swagger_info do
  %{
    info: %{
      version: "0.0.1",
      title: "Server"
    },
    securityDefinitions: %{
      Bearer: %{
        type: "apiKey",
        name: "Authorization",
        in: "header"
      }
    }
  }
end
...
Joseph Horsch
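
An added example, not part of the answer above or of phoenix_swagger: a small Python check over the generated Swagger 2.0 document that lists operations with no `security` requirement, or with one naming a scheme missing from `securityDefinitions`. The sample spec is constructed; the `/api/v1/users/{id}` path and the `Basic` scheme name are assumptions made up for illustration.

```python
import json

# Constructed sample: the answer's securityDefinitions plus three operations.
# Only the POST matches the answer; the other two are hypothetical.
SAMPLE_SPEC = json.loads("""
{
  "swagger": "2.0",
  "securityDefinitions": {
    "Bearer": {"type": "apiKey", "name": "Authorization", "in": "header"}
  },
  "paths": {
    "/api/v1/users/create": {
      "post": {"security": [{"Bearer": []}], "responses": {"200": {"description": "Success"}}}
    },
    "/api/v1/users/{id}": {
      "get": {"responses": {"200": {"description": "Success"}}},
      "delete": {"security": [{"Basic": []}], "responses": {"204": {"description": "Deleted"}}}
    }
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def audit_security(spec):
    """Return sorted (METHOD, path, problem) tuples for operations that would be
    documented and called from Swagger UI without a defined auth scheme."""
    defined = set(spec.get("securityDefinitions", {}))
    global_req = spec.get("security")  # top-level default, inherited by operations
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level "parameters", "$ref", vendor extensions
            # An operation-level `security` (even an empty list) overrides the default.
            reqs = op["security"] if "security" in op else global_req
            if not reqs:
                findings.append((method.upper(), path, "no security requirement"))
                continue
            unknown = sorted({name for req in reqs for name in req} - defined)
            if unknown:
                findings.append((method.upper(), path, "undefined scheme: " + ", ".join(unknown)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_security(SAMPLE_SPEC):
        print(*finding, sep="  ")
```

Swagger 2.0 has no dedicated bearer type, so with the `apiKey` definition the value entered in Swagger UI is sent verbatim as the `Authorization` header and has to include the `Bearer ` prefix.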

This is something I need to look into myself. Here are a couple links that may help.

https://github.com/xerions/phoenix_swagger/blob/master/docs/getting-started.md#router

https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#swagger-object

Paul
    securityDefinitions: %{ Bearer: %{ type: "apiKey", name: "Authorization", in: "header" } } – Paul Dec 15 '18 at 03:00