3

I'm having issues when testing my API using the Rswag UI gem. It seems that authorization headers are not being set properly in the UI after entering the token in the param field. Nevertheless, the test itself is passing and the endpoint is being hit when I run the test in the terminal. Please take a look at the image attached below for more info.

My authenticate method in the application_controller looks like this:

def authenticate!
    authenticate_or_request_with_http_token do |token, _|
      @auth = ApiKey.exists?(access_token: token)
    end
end

The swagger_helper security definition looks like this:

  securityDefinitions: {
    Bearer: {
      description: '...',
      type: :apiKey,
      name: 'Authorization',
      in: :header
    }
  }

And the test, which is passing, looks like this:

require 'swagger_helper'

RSpec.describe 'Api::V1::Events', type: :request do

  let(:access_token) { FactoryBot.create(:api_key).access_token }
  let(:Authorization) { "Bearer #{access_token}" }

  path '/v1/events' do
    post 'Creates an event' do
      tags 'Events'
      consumes 'application/json'
      security [Bearer: {}]
      parameter name: :Authorization, in: :header, type: :string
      parameter name: :event, in: :body, schema: {
          type: :object,
          properties: {
              name: { type: :string },
              description: { type: :string },
              date: { type: :string },
              time: { type: :string }
          },
          required: [ 'name', 'description', 'date', 'time' ]
      }

      response '201', 'created' do
        let(:event) { { name: 'foo', description: 'bar', date: '2020-09-24', time: '00:00:00' } }
        run_test!
      end
    end
  end
end

This is the line I'm struggling with: `parameter name: :Authorization, in: :header, type: :string`. I've tried different types, such as http, string and apiKey, and I haven't had luck.

The curl that Swagger UI should return should look like this:

curl -X POST "http://localhost:3000/v1/events" -H "accept: */*" -H 'Authorization: Bearer ab4d77e61a5ccdc402sb75867328ea77' -H "Content-Type: application/json" -d "{\"name\":\"string\",\"description\":\"string\",\"date\":\"string\",\"time\":\"string\"}"


SgtPepper
  • 3
    The Authorization header should be handled by the `security [Bearer: {}]` line. The parameter `parameter name: :Authorization, ...` is not needed. Instead, click the "Authorization" button at the top of Swagger UI, enter "Bearer " there, and then test the request. Does this work? – Helen Sep 25 '20 at 14:23
  • It seems that the button you mentioned is not clickable, is there any configuration I should add to my helper to enable the button? – SgtPepper Sep 25 '20 at 16:07

1 Answer

7

I found a solution based on the comment I got. I was not seeing the Authorize button in the Swagger UI, so I basically made some updates in the swagger_helper, among other files.

I changed this:

  'v1/swagger.yaml' => {
      openapi: '3.0.1',
   ...

To this:

  'v1/swagger.json' => {
      swagger: '2.0',
      ....
   }

Also, at the bottom of the file, I changed `config.swagger_format = :yaml` to `config.swagger_format = :json`.

Then I ran the following command: `rswag:specs:swaggerize` to generate the JSON file.

I also made an update to the initializer, from `c.swagger_endpoint '/api-docs/v1/swagger.yaml', 'API V1 Docs'` to `c.swagger_endpoint '/api-docs/v1/swagger.json', 'API V1 Docs'`.

Finally, I restarted the server and I was able to see the above-mentioned button to enter the token.

SgtPepper
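Added example, not code from the question, the answer or the rswag project: `securityDefinitions` is a Swagger 2.0 key, while an OpenAPI 3 document declares schemes under `components.securitySchemes`, so a document that mixes the two leaves the `security [Bearer: {}]` requirement pointing at nothing. The helper names (`declared_schemes`, `lint_security`) and the symbol-keyed sample documents are assumptions made for illustration; the third sample shows an HTTP bearer scheme that stays on OpenAPI 3.

```ruby
# Added example: lint an rswag-style document hash for the version/key mismatch
# discussed on this page. All sample documents below are constructed.

# Scheme names that a document of this spec version will actually read.
def declared_schemes(doc)
  if doc.key?(:openapi) # OpenAPI 3.x
    (doc.dig(:components, :securitySchemes) || {}).keys
  else # Swagger 2.0
    (doc[:securityDefinitions] || {}).keys
  end
end

# Returns a list of problems; an empty list means the auth wiring is consistent.
def lint_security(doc)
  problems = []
  if doc.key?(:openapi) && doc.key?(:securityDefinitions)
    problems << 'securityDefinitions is a Swagger 2.0 key; under openapi 3.x use components.securitySchemes'
  end
  if doc.key?(:swagger) && doc.dig(:components, :securitySchemes)
    problems << 'components.securitySchemes is an OpenAPI 3 key; under swagger 2.0 use securityDefinitions'
  end
  known = declared_schemes(doc)
  (doc[:paths] || {}).each do |path, item|
    item.each do |verb, op|
      next unless op.is_a?(Hash) # skip path-level arrays such as :parameters
      (op[:security] || []).flat_map(&:keys).each do |name|
        problems << "#{verb.to_s.upcase} #{path} requires undeclared scheme #{name}" unless known.include?(name)
      end
    end
  end
  problems
end

PATHS = { '/v1/events' => { post: { security: [{ Bearer: {} }] } } }.freeze
API_KEY_SCHEME = { type: :apiKey, name: 'Authorization', in: :header }.freeze

# The question's setup: OpenAPI 3 document carrying a Swagger 2.0 security block.
MISMATCHED = { openapi: '3.0.1', securityDefinitions: { Bearer: API_KEY_SCHEME }, paths: PATHS }.freeze
# The answer's fix: declare the document as Swagger 2.0.
SWAGGER2 = { swagger: '2.0', securityDefinitions: { Bearer: API_KEY_SCHEME }, paths: PATHS }.freeze
# Alternative that keeps OpenAPI 3: an HTTP bearer scheme under components.
OPENAPI3 = { openapi: '3.0.1',
             components: { securitySchemes: { Bearer: { type: :http, scheme: :bearer } } },
             paths: PATHS }.freeze

[MISMATCHED, SWAGGER2, OPENAPI3].each { |doc| puts lint_security(doc).inspect }
```

With the `type: :http, scheme: :bearer` scheme, Swagger UI adds the `Bearer ` prefix itself, so only the raw token is entered in the Authorize dialog.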