Ask a Question

Pass Credentials to Embedded Swagger UI's Try it Out

New Contributor

Pass Credentials to Embedded Swagger UI's Try it Out

I have a web application that has a Swagger UI 4 embedded in one of the pages (using the swagger-ui-dist dependency free version). When I use Try it Out, I am contacting a server that exists at the same address that the web app is on, but it asks for me to input credentials, despite already being logged into the web app.

Is there a way to pass the authorization from the web page to the Try it Out request? I've tried a request interceptor that sets the request.credentials to "include", but that doesn't work. I at one point tried to set up a OAS 3 security schema, but there did not seem to be a way for it to grab the credentials from the page dynamically after the definition was created already.


Hi @wesleytang ,


Sounds like it could either be a bug, or it could be something unusual in how it's embedded.

When you say the user is already logged in, are you referring to a Cookie session? That should work just fine if SwaggerUI is part of the same domain (as you said, embedded). 

Setting credentials = include, might help (not sure how the interceptor would be set up for that, but I know it's in  there somewhere)... but it should also only apply to different domains, not the same domain you're already on.


Take a look at the Network tab in your browser and see what headers are (not) being sent.


Also note that "Authenticating" inside SwaggerUI doesn't create a cookie session for your underlying app, that doesn't set up a cookie only updates internal state. 


@ponelat You brought up some good points that I looked into further, and it was the latter suspicion you had: though the Swagger UI is embedded in the page, session information is not stored with the client in this web application, so as far as I could tell, the reason I couldn't get the credentials to pass and no header was a present was a result of calls not actually using typical authentication headers. I will still need to tinker with it to figure out how to authenticate the request, but you definitely pointed me in the right direction.

Thank you for your help!

Showing results for 
Search instead for 
Did you mean: