Forum Discussion

samej71's avatar
samej71
New Contributor
5 years ago

Two potential naming issues with api key authentication within SwaggerHub UI

I’m admittedly new to Swagger, and I’m having a hard time getting api_key working the way I believe it should be within the SwaggerHub UI. 

 

The documentation at https://swagger.io/docs/specification/2-0/authentication/api-keys/ says:

 

“Add an entry with type: apiKey in the global securityDefinitions section. The entry name can be arbitrary (such as APIKeyHeader in the example below) and is used to refer to this security definition from other parts of the spec.” (my b/i/u emphasis added)

 

And provides this example:

 

But if I use the following YAML in SwaggerHub, which has two identical securitySchemes with only an "x" added to the end of the "entry name" of one of them:

openapi: 3.0.0
info:
  version: "0.0.1"
  title: Test
servers:
  - description: Test
    url: https://virtserver.swaggerhub.com/test/test/1.0.0
paths:
  /blah:
    get:
      summary: 'api blah test 2'
      description: 'Something goes here'
      operationId: apiBlahTest
      security:
        - api_keyx: []
      responses:
        200:
          description: Success
components:
  securitySchemes:
    api_keyx:
      type: apiKey
      name: api_keyxx
      in: header
    api_key:
      type: apiKey
      name: api_keyxx
      in: header

 

with the security for /blah set to 'api_keyx', if in SwaggerHub I click the `/blah` and then the lock icon, it shows nothing for available authorizations:

 

But if I remove the 'x' at the end and change the `/blah`'s security to:

      security:
        - api_key: []

 

And then click the /blah lock icon, I get content in the authorizations dialog:

 

The `name` displayed within the pop-up does not reflect the name defined in the YAML, which I assume it would show in the dialog as `Name: api_keyxx` to match the YAML.

 

So two notes:

  1. The “entry name” does not appear to be arbitrary, if it is not specifically named “api_key” it doesn’t seem to appear in the SwaggerHub UI
  2. The entry’s “name” attribute (not to be confused with the “entry name”) does not appear to be reflected in the UI. The "name" seems to always be "api_key" (perhaps because it is using the "entry name" instead of the attribute "name"?

Am I doing something wrong, am I misunderstanding something(s), is the SwaggerHub UI presenting some bugs, or is it some combination thereof?

 

Thank you for any guidance.

 

--James

 

  

 

  • HKosova's avatar
    HKosova
    5 years ago

    Thanks for the additional details, I've passed them to the developers. To track the issue status you can open a support ticket and reference this thread and issue # STEAM-3967.

     

    The workaround seems to be to Save & refresh the editor after any changes in security schemes.

  • HKosova's avatar
    HKosova
    SmartBear Alumni (Retired)
    5 years ago

    Hi James,

     

    I did some tests with security schemes, and the issue with empty authorizations list occurs if I import an external API definition containing security schemes, or add a new security scheme into an existing API. Saving the API and refreshing the page resolves the issue. Can you see if the issue persists after you refresh the editor page?

     

    As for your questions about UI rendering of security scheme names vs their HTTP header names, hope this image helps clarify that:

     

    • samej71's avatar
      samej71
      New Contributor
      5 years ago

      Thank you for your reply. That is the functionality I was expecting, but not getting.

       

      It seems like refreshing the page triggered a "save" warning, so I let it save and after the refresh it was behaving as expected. However, after playing with it more, I was able to get it to break again. I updated the "name" attribute in YAML, let the UI "catch up" to the edit, then clicked the lock icon and the authorization dialog shows still shows the old value. You can see the updated YAML in the background and the old name value in the dialog.

       

      It seems like there is a bug where the UI stops fully reflecting the YAML contents. Some parts of the UI keep working, but other parts do not.

       

      I see a variety of cross-site warnings in the browser console, a TypeError, and some 404 errors. I'm not sure of any of these messages are related to the problem I'm experiencing.

       

      I am using Chrome Version 84.0.4147.105 (Official Build) (64-bit)

       

       

      • HKosova's avatar
        HKosova
        SmartBear Alumni (Retired)
        5 years ago

        Thanks for the additional details, I've passed them to the developers. To track the issue status you can open a support ticket and reference this thread and issue # STEAM-3967.

         

        The workaround seems to be to Save & refresh the editor after any changes in security schemes.