Forum Discussion

staylor2916396's avatar
staylor2916396
New Member
2 years ago

swagger OAuth2

Hi. I have a node.js api, using swagger. I am trying to add security around each method to authenticate the user. 

Using AWS Cognito user pool to authenticate users.

I am using swagger 2.0.

 

I have securityDefenitions setup in my json:

 

  "securityDefinitions": {
    "Bearer": {
      "type": "oauth2",
      "flow": "accessCode",
    }
  }
also have security setup for all methods:
"security": [],
 
I am not sure I understand the flow correctly, as OAuth2 has 2 basic steps 1)authenticate username/password, send back CODE(authorizationUrl) 2)get JWT from code (tokenUrl)
 
My app is getting the CODE back from the authorizationURL but swagger does not know what to do with the redirect or how to call the tokenUrl to get the JWT.
 
Would like some help so that on my swagger page, user clicks the Authorize button, enter user credentials and grabs the JWT needed to pass in to the header in the api calls.
thanks for any help and guidance
Swagger Editor
Swagger UI
  • ponelat's avatar
    ponelat
    Staff
    2 years ago

    HI staylor2916396 ,

     

    What Swagger library are you using in Node.js? Swagger (and OpenAPI) are about describing your APIs, and then using that definition to do fancy things like routing, validation, etc. 

    In Node.js case, I would imagine you'd want to look at something like https://www.passportjs.org/ for handling authentication on the code level. 

     

    On another point, having `security: []` doesn't add your security. You need to reference it by name, like `security: [ Bearer: [] ]`. See "Apply Security" in https://swagger.io/docs/specification/authentication/ for some more info there.