8

I'm currently working with Quarkus and Swagger-UI as delivered by quarkus-smallrye-openapi. We have OIDC from Azure AD as security, which is currently not supported by Swagger-UI (see Swagger-Docs), so I can't add the "real" authorization to Swagger. This means I can't use Swagger, since my endpoints are at least secured with @RolesAllowed. We have an endpoint to fetch a mock security token, but I don't know how to tell Swagger to take this token. Basically I want to tell Swagger-UI "Here, I have this token, add it as Authorization: Bearer XXX to all requests", but I don't know how to do that in Quarkus.

Urr4
  • Please take a look: https://stackoverflow.com/questions/64037662/quarkus-how-to-test-secured-api-endpoints-with-swagger-ui/64053958#64053958 – Ghokun Oct 05 '20 at 07:52
  • You want this token to be fetched automatically from OIDC, or you want to place it and have it used by your APIs in Swagger? – iabughosh Oct 05 '20 at 07:57

1 Answer

7
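  1. Register security scheme

         import javax.ws.rs.GET;   // jakarta.ws.rs.* on Quarkus 3+
         import javax.ws.rs.Path;
         import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeType;
         import org.eclipse.microprofile.openapi.annotations.security.SecurityRequirement;
         import org.eclipse.microprofile.openapi.annotations.security.SecurityScheme;
         import org.eclipse.microprofile.openapi.annotations.security.SecuritySchemes;

         @Path("/sample")
         @SecuritySchemes(value = {
                 @SecurityScheme(securitySchemeName = "apiKey",
                                 type = SecuritySchemeType.HTTP,
                                 scheme = "Bearer")}
         )
         public class SampleResource {

  2. Mark the operation's security requirement with the scheme name registered.

             @GET
             @SecurityRequirement(name = "apiKey")
             String hello() {
                 return "hello";
             }
         }

  3. The Authorize option should now be available on the Swagger page. Enter your mock API key here.

  4. Trigger the service from Swagger UI. You can now see the Authorization: Bearer <VALUE> header set in the request.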

Haroon
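Added example, not part of the answer above: the same bearer scheme declared once for the whole API, so that every operation in Swagger UI carries the token instead of only the operations annotated one by one. It assumes the javax namespace and uses hypothetical names (`ApiApplication`, `bearerAuth`, the role `user`, the title `Sample API`).

```java
// ApiApplication.java (hypothetical class name)
import javax.ws.rs.core.Application; // assumption: javax namespace; jakarta.ws.rs on Quarkus 3+
import org.eclipse.microprofile.openapi.annotations.OpenAPIDefinition;
import org.eclipse.microprofile.openapi.annotations.enums.SecuritySchemeType;
import org.eclipse.microprofile.openapi.annotations.info.Info;
import org.eclipse.microprofile.openapi.annotations.security.SecurityRequirement;
import org.eclipse.microprofile.openapi.annotations.security.SecurityScheme;

// A top-level "security" entry applies to every operation in the generated
// OpenAPI document, so Swagger UI attaches the token entered in the
// Authorize dialog to all requests.
@OpenAPIDefinition(
        info = @Info(title = "Sample API", version = "1.0"),
        security = @SecurityRequirement(name = "bearerAuth"))
@SecurityScheme(
        securitySchemeName = "bearerAuth",
        type = SecuritySchemeType.HTTP,
        scheme = "bearer",
        bearerFormat = "JWT")
public class ApiApplication extends Application {
}

// SampleResource.java
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;

@Path("/sample")
public class SampleResource {

    // No per-operation @SecurityRequirement is needed; the global one covers it.
    // Access is still decided by @RolesAllowed: the OpenAPI annotations only
    // describe the header to Swagger UI and enforce nothing.
    @GET
    @RolesAllowed("user") // constructed role name
    public String hello() {
        return "hello";
    }
}
```

Keep the mock-token endpoint out of production builds; Swagger UI itself is only served in dev and test mode unless `quarkus.swagger-ui.always-include` is set.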