Forum Discussion

wesleytang's avatar
wesleytang
New Contributor
2 years ago

Pass Credentials to Embedded Swagger UI's Try it Out

I have a web application that has a Swagger UI 4 embedded in one of the pages (using the swagger-ui-dist dependency free version). When I use Try it Out, I am contacting a server that exists at the s...
Swagger UI
  • ponelat's avatar
    ponelat
    2 years ago

    Hi wesleytang ,

     

    Sounds like it could either be a bug, or it could be something unusual in how it's embedded.

    When you say the user is already logged in, are you referring to a Cookie session? That should work just fine if SwaggerUI is part of the same domain (as you said, embedded). 

    Setting credentials = include, might help (not sure how the interceptor would be set up for that, but I know it's in  there somewhere)... but it should also only apply to different domains, not the same domain you're already on.

     

    Take a look at the Network tab in your browser and see what headers are (not) being sent.

     

    Also note that "Authenticating" inside SwaggerUI doesn't create a cookie session for your underlying app, that doesn't set up a cookie only updates internal state. 

     

ponelat's avatar
ponelat
Staff
2 years ago

Hi wesleytang ,

 

Sounds like it could either be a bug, or it could be something unusual in how it's embedded.

When you say the user is already logged in, are you referring to a Cookie session? That should work just fine if SwaggerUI is part of the same domain (as you said, embedded). 

Setting credentials = include, might help (not sure how the interceptor would be set up for that, but I know it's in  there somewhere)... but it should also only apply to different domains, not the same domain you're already on.

 

Take a look at the Network tab in your browser and see what headers are (not) being sent.

 

Also note that "Authenticating" inside SwaggerUI doesn't create a cookie session for your underlying app, that doesn't set up a cookie only updates internal state. 

 

  • wesleytang's avatar
    wesleytang
    New Contributor
    2 years ago

    ponelat You brought up some good points that I looked into further, and it was the latter suspicion you had: though the Swagger UI is embedded in the page, session information is not stored with the client in this web application, so as far as I could tell, the reason I couldn't get the credentials to pass and no header was a present was a result of calls not actually using typical authentication headers. I will still need to tinker with it to figure out how to authenticate the request, but you definitely pointed me in the right direction.

    Thank you for your help!