Forum Discussion

staylor2916396
New Member
2 years ago

swagger OAuth2

Hi. I have a node.js api, using swagger. I am trying to add security around each method to authenticate the user. 

Using AWS Cognito user pool to authenticate users.

I am using swagger 2.0.

 

I have securityDefinitions set up in my JSON:

  "securityDefinitions": {
    "Bearer": {
      "type": "oauth2",
      "flow": "accessCode"
    }
  }

I also have security set up for all methods:

  "security": [],
 
I am not sure I understand the flow correctly, as OAuth2 has 2 basic steps: 1) authenticate username/password, send back CODE (authorizationUrl); 2) get JWT from code (tokenUrl).

My app is getting the CODE back from the authorizationUrl, but swagger does not know what to do with the redirect or how to call the tokenUrl to get the JWT.

I would like some help so that on my swagger page, the user clicks the Authorize button, enters user credentials and grabs the JWT needed to pass in to the header in the API calls.

Thanks for any help and guidance.

1 Reply

  • Hi staylor2916396,

     

    What Swagger library are you using in Node.js? Swagger (and OpenAPI) are about describing your APIs, and then using that definition to do fancy things like routing, validation, etc. 

    In Node.js case, I would imagine you'd want to look at something like https://www.passportjs.org/ for handling authentication on the code level. 

     

    On another point, having `security: []` doesn't add your security. You need to reference it by name, like `security: [ Bearer: [] ]`. See "Apply Security" in https://swagger.io/docs/specification/authentication/ for some more info there.
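
Added example (not part of the original thread, and not code from either poster or from Swagger): a small Node.js audit of a Swagger 2.0 document that reports oauth2 definitions missing the fields their flow requires and operations that end up with no security requirement, as happens with `"security": []`. The function name, the `/items` path, the `example.com` URLs and the `openid` scope are constructed placeholders.

```javascript
// Fields Swagger 2.0 requires for each oauth2 flow (scopes is always required).
const REQUIRED_BY_FLOW = {
  implicit: ["authorizationUrl"],
  password: ["tokenUrl"],
  application: ["tokenUrl"],
  accessCode: ["authorizationUrl", "tokenUrl"],
};
const METHODS = ["get", "put", "post", "delete", "options", "head", "patch"];

function auditSwaggerSecurity(doc) {
  const findings = [];
  const defs = doc.securityDefinitions || {};
  // 1. Each oauth2 scheme needs the URLs its flow uses, plus a scopes object.
  for (const [name, def] of Object.entries(defs)) {
    if (def.type !== "oauth2") continue;
    const required = REQUIRED_BY_FLOW[def.flow];
    if (!required) { findings.push(`${name}: unknown flow "${def.flow}"`); continue; }
    for (const field of [...required, "scopes"]) {
      if (def[field] === undefined) findings.push(`${name}: missing ${field}`);
    }
  }
  // 2. Operation-level security overrides the top level; an empty array applies nothing.
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of METHODS) {
      const op = item[method];
      if (!op) continue;
      const effective = op.security !== undefined ? op.security : (doc.security || []);
      const where = `${method.toUpperCase()} ${path}`;
      if (effective.length === 0) findings.push(`${where}: no security requirement applied`);
      for (const requirement of effective) {
        for (const scheme of Object.keys(requirement)) {
          if (!(scheme in defs)) findings.push(`${where}: "${scheme}" is not in securityDefinitions`);
        }
      }
    }
  }
  return findings;
}

// Constructed sample: the definition as posted in the question, plus one dummy path.
const asPosted = { swagger: "2.0", security: [],
  securityDefinitions: { Bearer: { type: "oauth2", flow: "accessCode" } },
  paths: { "/items": { get: { responses: { 200: { description: "ok" } } } } } };
// Constructed sample: same document with the missing fields filled by placeholders.
const corrected = { ...asPosted, security: [{ Bearer: ["openid"] }],
  securityDefinitions: { Bearer: { type: "oauth2", flow: "accessCode",
    authorizationUrl: "https://auth.example.com/oauth2/authorize",
    tokenUrl: "https://auth.example.com/oauth2/token",
    scopes: { openid: "constructed scope" } } } };
console.log(auditSwaggerSecurity(asPosted), auditSwaggerSecurity(corrected));
```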