oauth2 + passport = Bearer <token>

[pedrofsn]

"Authorization" : "Bearer token213315454Sample"

Is it possible to handle this kind o header in "documentation-swagger"?
If yes, how?

[DarkaOnLine]

It looks like Swagger UI not supporting this:

OAI/OpenAPI-Specification#583
swagger-api/swagger-ui#2234

[joaoBeno]

An way around this issue is specifying the auth as bellow:

 *     @SWG\SecurityScheme(
 *          securityDefinition="default",
 *          type="apiKey",
 *          in="header",
 *          name="Authorization"
 *      )

On the controller, add this:

 *     security={
 *         {
 *             "default": {}
 *         }
 *     }

Then you create a Middleware to append the Bearer , here is a sample:

class SwaggerFix
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (strpos($request->headers->get("Authorization"),"Bearer ") === false) {
            $request->headers->set("Authorization","Bearer ".$request->headers->get("Authorization"));
        }

        $response = $next($request);

        return $response;
    }
}

And then declare it on your Kernel.php:

// I placed it first so it runs before passport's middleware...
protected $routeMiddleware = [
    'swfix' => \App\Http\Middleware\SwaggerFix::class,
]

Now lets wait for Swagger v3 that is said to have oAuth2 support...

[pedrofsn]

Thanks @joaoBeno!

[DarkaOnLine]

Yes these variables are defined in config and passed into the view here: https://github.com/DarkaOnLine/L5-Swagger/blob/master/src/Http/Controllers/ SwaggerController.php#L63-L71

…

On 23 March 2017 at 14:29, ratanakpek ***@***.***> wrote: Hi! Everyone! I need help! I am trying to install L5-swagger, so i follow the command from this L5-swagger <https://github.com/DarkaOnLine/L5-Swagger> but I got errored everytime that I try to open this view that show the swagger. It said that undefined variable: $urlToDocs, $highlightThreshold,... and another variable. I commented the variable error already... for my question is that "How can I give the value to these variable?" in config/l5-swagger file? `<?php if (app()->environment() != 'testing') { header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Methods: GET, POST'); header("Access-Control-Allow-Headers: X-Requested-With"); } ?> <title>{{config('l5-swagger.api.title')}}</title> <script src='{{config('l5-swagger.paths.assets_public')}}/lib/object-assign-pollyfill.js' type='text/javascript'></script> <script src='{{config('l5-swagger.path s.assets_public')}}/lib/jquery-1.8.0.min.js' type='text/javascript'></script> <script src='{{config('l5-swagger.path s.assets_public')}}/lib/jquery.slideto.min.js' type='text/javascript'></script> <script src='{{config('l5-swagger.path s.assets_public')}}/lib/jquery.wiggle.min.js' type='text/javascript'></script> <script src='{{config('l5-swagger.path s.assets_public')}}/lib/jquery.ba-bbq.min.js' type='text/javascript'></script> <script src='{{config('l5-swagger.path s.assets_public')}}/lib/handlebars-2.0.0.js' type='text/javascript'></script> <script src='{{config('l5-swagger.path s.assets_public')}}/lib/lodash.min.js' type='text/javascript'></script> <script src='{{config('l5-swagger.paths.assets_public')}}/lib/backbone-min.js' type='text/javascript'></script> <script src='{{config('l5-swagger.path s.assets_public')}}/swagger-ui.min.js' type='text/javascript'></script> <script src='{{config('l5-swagger.paths.assets_public')}}/lib/highlight.9.1.0.pack.js' type='text/javascript'></script> <script src='{{config('l5-swagger.path s.assets_public')}}/lib/highlight.9.1.0.pack_extended.js' type='text/javascript'></script> <script src='{{config('l5-swagger.path s.assets_public')}}/lib/jsoneditor.min.js' type='text/javascript'></script> <script src='{{config('l5-swagger.paths.assets_public')}}/lib/marked.js' type='text/javascript'></script> <script src='{{config('l5-swagger.path s.assets_public')}}/lib/swagger-oauth.js' type='text/javascript'></script> <!-- Some basic translations --> <!-- <script src='lang/translator.js' type='text/javascript'></script> --> <!-- <script src='lang/ru.js' type='text/javascript'></script> --> <!-- <script src='lang/en.js' type='text/javascript'></script> --> <script type="text/javascript"> $(function () { var url = window.location.search.match(/url=([^&]+)/); if (url && url.length > 1) { url = decodeURIComponent(url[1]); } else { {{--url = "{!! $urlToDocs !!}";--}} url ="http://petstore.swagger.io/v2/swagger.json"; } **{{--hljs.configure({--}} {{--highlightSizeThreshold: {{ $highlightThreshold }}--}} {{--});--}}** // Pre load translate... if(window.SwaggerTranslator) { window.SwaggerTranslator.translate(); } window.swaggerUi = new SwaggerUi({ url: url, dom_id: "swagger-ui-container", @if(array_key_exists('validatorUrl', get_defined_vars())) // This differentiates between a null value and an undefined variable validatorUrl: {!! isset($validatorUrl) ? '"' . $validatorUrl . '"' : 'null' !!}, @endif supportedSubmitMethods: ['get', 'post', 'put', 'delete', 'patch'], onComplete: function(swaggerApi, swaggerUi){ @if(isset($requestHeaders)) @foreach($requestHeaders as $requestKey => $requestValue) window.swaggerUi.api.clientAuthorizations.add("{{$requestKey}}", new SwaggerClient.ApiKeyAuthorization("{{$requestKey}}", "{{$requestValue}}", "header")); @Endforeach @endif if(typeof initOAuth == "function") { initOAuth({ clientId: "your-client-id", clientSecret: "your-client-secret-if-required", realm: "your-realms", appName: "your-app-name", scopeSeparator: ",", additionalQueryStringParams: {} }); } if(window.SwaggerTranslator) { window.SwaggerTranslator.translate(); } }, onFailure: function(data) { console.log("Unable to Load SwaggerUI"); }, docExpansion: {!! isset($docExpansion) ? '"' . $docExpansion . '"' : '"none"' !!}, jsonEditor: false, apisSorter: "alpha", defaultModelRendering: 'schema', showRequestHeaders: false }); function addApiKeyAuthorization(){ var key = $('#input_apiKey')[0].value; {{--if ("{{$apiKeyInject}}" === "query") {--}} {{--key = encodeURIComponent(key);--}} {{--}--}} {{--if(key && key.trim() != "") {--}} {{--var apiKeyAuth = new SwaggerClient.ApiKeyAuthorization("{{$apiKeyVar}}", key, "{{$apiKeyInject}}");--}} {{--window.swaggerUi.api.clientAuthorizations.add("{{$securityDefinition}}", apiKeyAuth);--}} {{--}--}} } $('#input_apiKey').change(function() { addApiKeyAuthorization(); }); window.swaggerUi.load(); // if you have an apiKey you would like to pre-populate on the page for demonstration purposes // just put it in the .env file, API_AUTH_TOKEN variable ***@***.***($apiKey)--}} {{--$('#input_apiKey').val("{{$apiKey}}");--}} {{--addApiKeyAuthorization();--}} ***@***.***}} }); </script> swagger <http://swagger.io> Explore <#m_-324956319607622765_m_1126979693123509463_> ` — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#57 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABHg8mFYOzSjtVn0OT3DAk7PCDUvZjBtks5romWpgaJpZM4MJGgj> .

[ratanakpek]

Thanks Bro!

[pamaleona-navagis]

where does the middleware should be called?

[joaoBeno]

@pamaleona-navagis if you place this on your Kernel.php:

    // I placed it first so it runs before passport's middleware...
    protected $routeMiddleware = [
        'swfix' => \App\Http\Middleware\SwaggerFix::class,
    ]

It will run on all requests... If they don't have the bearer header, it will get it from the DB and append it to the request, before Passport handle the request...

Ps.: you need to past just the "swfix" line as the first item of the $routeMiddleware array...

[pamaleona-navagis]

I tried putting it on the forst line on the route middleware but unfortunately it doesn't work.

…

On Nov 9, 2017 7:40 AM, "joaoBeno" ***@***.***> wrote: @pamaleona-navagis <https://github.com/pamaleona-navagis> if you place this on your Kernel.php: // I placed it first so it runs before passport's middleware... protected $routeMiddleware = [ 'swfix' => \App\Http\Middleware\SwaggerFix::class, ] It will run on all requests... If they don't have the bearer header, it will get it from the DB and append it to the request, before Passport handle the request... — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#57 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AdjxKfYXGFNdod8AJ6W6meT7xE6lfk61ks5s0jwCgaJpZM4MJGgj> .

[joaoBeno]

@pamaleona-navagis, please post your kernel.php on a gist, and post the link here, so I can give you more support without notifying other people... 👍

[pamaleona-navagis]

Here's my Kernel.php https://gist.github.com/pamaleona-navagis/5010be66f1594fb98cea17d3098605af

…

On Thu, Nov 9, 2017 at 5:52 PM, joaoBeno ***@***.***> wrote: @pamaleona-navagis <https://github.com/pamaleona-navagis>, please post your kernel.php on a gist, and post the link here, so I can give you more support without notifying other people... 👍 — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#57 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AdjxKRGa0jd9Pkd_FwJnwVlgObdR10Ljks5s0stkgaJpZM4MJGgj> .

[yajra]

Sharing my solution in case it might help.

This is I how made it to work with Passport using password grant. No need for middleware since latest version uses Swagger UI v3.

Note: this snippets assumes that you already completed the passport setup.

1. Add passport security on swagger config

        'passport' => [ // Unique name of security
            'type' => 'oauth2', // The type of the security scheme. Valid values are "basic", "apiKey" or "oauth2".
            'description' => 'Laravel passport oauth2 security.',
            'flow' => 'password', // The flow used by the OAuth2 security scheme. Valid values are "implicit", "password", "application" or "accessCode".
            'tokenUrl' => config('app.url') . '/oauth/token', // The authorization URL to be used for (password/application/accessCode)
            'scopes' => []
        ],

2. Add swagger security scheme Duplicate of step 1, can be skipped as per @DarkaOnLine

 * @SWG\SecurityScheme(
 *   securityDefinition="passport",
 *   type="oauth2",
 *   tokenUrl="/oauth/token",
 *   flow="password",
 *   scopes={}
 * )

3. Include "passport" on your request security:

 * @SWG\Get(
 *   path="/api/user",
 *   tags={"user"},
 *   security={
 *     {"passport": {}},
 *   },
 *   summary="Get user",
 *   @SWG\Response(
 *     response=200,
 *     description="Logged in user info"
 *   )
 * )

4. Generate Docs

5. Authorized the request using the swagger interface and bearer tokens should be added now on secured request.

Request

[DarkaOnLine]

@yajra thanks for sharing.

But I think steps 1 and 2 duplicate each other. You need to use only one of them. Because security definitions in the config file will be generated and appended to the final swagger documentation json file: https://github.com/DarkaOnLine/L5-Swagger/blob/master/src/Generator.php#L46

[yajra]

@DarkaOnLine thanks for pointing that out. Will update my answer and my code. 👍

[rwngallego]

Is there a way to keep the user login even if I reload the Swagger UI? It's loosing the authentication

[akalongman]

@yajra is possible to set default values for client_id or etc. inputs?

[am0nshi]

@DarkaOnLine joining to last questions

[DarkaOnLine]

Please see @joseph-montanez suggestions here: #120

[amitgaur208]

@yajra But when we add security to any Api then should not send response without authorization

[kranthi610]

this is what I did after reading the API doc and it worked for me * @oas\SecurityScheme(

• securityScheme="bearerAuth",
• type="http",
  scheme="bearer",
  bearerFormat="JWT"
• )

//////////////////////////////////////

security={

•       {"bearerAuth": {}}
  

•     }
  

[kevincobain2000]

Passport annotation is good but when you have your own middleware then how about setting it to the interceptor and adding respective middlewares to the l5-swagger config file?

my-project/resources/views/vendor/l5-swagger/index.blade.php

    requestInterceptor: function() {
      this.headers['X-CSRF-TOKEN'] = '{{ csrf_token() }}';
      this.headers['Authorization'] = 'Bearer ' + '{{ Cookie::get("jwt-token") }}'
      return this;
    },

[oyepez003]

With latest version of l5-swagger:

Follow the Passport Instalation/Configuration

l5-swagger.php

'security' => [
       /* Open API 3.0 support*/
        'passport' => [ // Unique name of security
            'type'        => 'oauth2', // The type of the security scheme. Valid values are "basic", "apiKey" or "oauth2".
            'description' => 'Laravel passport oauth2 security.',
            'in'          => 'header',
            'scheme'      => 'https',
            'flows'       => [
                "password" => [
                    "authorizationUrl" => config('app.url') . '/oauth/authorize',
                    "tokenUrl"         => config('app.url') . '/oauth/token',
                    "refreshUrl"       => config('app.url') . '/token/refresh',
                    "scopes"           => []
                ],
            ],
        ],
],

In your secured controller:

/**
     * @OA\Get(
     *   path="/mySecuredEndpoint",
     *   summary="Secured with passport",
     *   description="Secured with passport",
     *   tags={"Passport Security"},
     *   security={{"passport": {"*"}}},
     *   @OA\Response(
     *     @OA\MediaType(mediaType="application/json"),
     *     response=200,
     *     description="My Response"
     *   ),
     *   @OA\Response(
     *     @OA\MediaType(mediaType="application/json"),
     *     response="default",
     *     description="an ""unexpected"" error"
     *   )
     * )

• Regenerate the docs.
• Create a Personal client with Passport (Artisan CLI).
• Refresh the Swagger UI and set the User, Password, Cient ID, Client Secret, Scope (if it's required).

And done... Should be work.

[hoangnkvti]

I followed @oyepez003 and used default passport setting from l5-swagger.php file but don't see password in popup?

How can I fix my problem?

[ssheduardo]

Hi,
I follow all steps for uses oauth2 + bearer, but some reason when called a method ever see the called into curl but not attach Bearer only the X-CSRF-TOKEN.

We uses Client Credentials Grant Tokens

This is my route:

Route::get('demo', 'ShippingController@demo')->name('api.v1.demo');

My RouteServiceProvider

    protected function mapClientCredentialRoutes()
    {
        Route::middleware('client_credentials')
             ->namespace($this->namespace)
             ->group(base_path('routes/client_credentials.php'));
    }

In Controller.php add

/**
 * @OA\Info(
 *     description="Shipping API",
 *     version="1.0.0",
 *     title="Demo shipping",
 *     termsOfService="http://swagger.io/terms/",
 *     @OA\Contact(
 *         email="info@demo.com"
 *     ),
 *     @OA\License(
 *         name="Apache 2.0",
 *         url="http://www.apache.org/licenses/LICENSE-2.0.html"
 *     )
 * )
 */
/**
 * @OA\Tag(
 *     name="shipping",
 *     description="",
 * )
 * @OA\Server(
 *     description="SwaggerHUB API Mocking",
 *     url="http://api-demo.local"
 * )
 */
/**
 * @OA\SecurityScheme(
 *     @OA\Flow(
 *         flow="clientCredentials",
 *         tokenUrl="oauth/token",
 *         scopes={}
 *     ),
 *     securityScheme="oauth2",
 *     in="header",
 *     type="oauth2",
 *     description="Oauth2 security",
 *     name="oauth2",
 *     scheme="http",
 *     bearerFormat="bearer",
 * )
 */
class Controller extends BaseController
{
    use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
}

And ShippingController

....
....
/**
     * @OA\Schema(
     *   schema="myname",
     *   type="string",
     *   description="Return a name"
     * )
     */

    /**
     * @OA\Get(
     *
     *   path="/api/v1/demo",
     *   summary="Get name",
     *   @OA\Response(
     *     response=200,
     *     description="successful operation",
     *     @OA\JsonContent(ref="#/components/schemas/myname"),
     *   )
     * )
     */

    public function demo()
    {
        return ['name' => 'Peter'];
    }
....
....

kernel.php

protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        ],
        'client_credentials' => [
            CheckClientCredentials::class,
            'throttle:60,1',
            'bindings',
        ],

    ];

    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
        'client' => CheckClientCredentials::class,
    ];

Where are the error?

Some idea @oyepez003 , @yajra @kranthi610, etc?

[oyepez003]

@ssheduardo Check the passport option in the config/l5-swagger.php

'passport' => [
  ...
  'in'          => 'header',
  ...
]

[ssheduardo]

@oyepez003
Change in l5-swagger and done?
Con solo cambiar eso ya estaría, no tengo que modificar en otro lado?

[kranthi610]

@OA\SecurityScheme(

• securityScheme="bearerAuth",
  

• type="http",
  

• scheme="bearer",
  

• bearerFormat="JWT",
  

• )

this should help

Hi,
I follow all steps for uses oauth2 + bearer, but some reason when called a method ever see the called into curl but not attach Bearer only the X-CSRF-TOKEN.

We uses Client Credentials Grant Tokens

This is my route:

Route::get('demo', 'ShippingController@demo')->name('api.v1.demo');

My RouteServiceProvider

    protected function mapClientCredentialRoutes()
    {
        Route::middleware('client_credentials')
             ->namespace($this->namespace)
             ->group(base_path('routes/client_credentials.php'));
    }

In Controller.php add

/**
 * @OA\Info(
 *     description="Shipping API",
 *     version="1.0.0",
 *     title="Demo shipping",
 *     termsOfService="http://swagger.io/terms/",
 *     @OA\Contact(
 *         email="info@demo.com"
 *     ),
 *     @OA\License(
 *         name="Apache 2.0",
 *         url="http://www.apache.org/licenses/LICENSE-2.0.html"
 *     )
 * )
 */
/**
 * @OA\Tag(
 *     name="shipping",
 *     description="",
 * )
 * @OA\Server(
 *     description="SwaggerHUB API Mocking",
 *     url="http://api-demo.local"
 * )
 */
/**
 * @OA\SecurityScheme(
 *     @OA\Flow(
 *         flow="clientCredentials",
 *         tokenUrl="oauth/token",
 *         scopes={}
 *     ),
 *     securityScheme="oauth2",
 *     in="header",
 *     type="oauth2",
 *     description="Oauth2 security",
 *     name="oauth2",
 *     scheme="http",
 *     bearerFormat="bearer",
 * )
 */
class Controller extends BaseController
{
    use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
}

And ShippingController

....
....
/**
     * @OA\Schema(
     *   schema="myname",
     *   type="string",
     *   description="Return a name"
     * )
     */

    /**
     * @OA\Get(
     *
     *   path="/api/v1/demo",
     *   summary="Get name",
     *   @OA\Response(
     *     response=200,
     *     description="successful operation",
     *     @OA\JsonContent(ref="#/components/schemas/myname"),
     *   )
     * )
     */

    public function demo()
    {
        return ['name' => 'Peter'];
    }
....
....

kernel.php

protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        ],
        'client_credentials' => [
            CheckClientCredentials::class,
            'throttle:60,1',
            'bindings',
        ],

    ];

    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
        'client' => CheckClientCredentials::class,
    ];

Where are the error?

Some idea @oyepez003 , @yajra @kranthi610, etc?

[ssheduardo]

After added the changes, this is the response

And this

/**
 * @OA\SecurityScheme(
 *     @OA\Flow(
 *         flow="clientCredentials",
 *         tokenUrl="oauth/token",
 *         scopes={}
 *     ),
 *     securityScheme="bearerAuth",
 *     in="header",
 *     type="http",
 *     description="Oauth2 security",
 *     name="oauth2",
 *     scheme="bearer",
 *     bearerFormat="JWT",
 * )
 */

Why not set the Bearer???
@kranthi610

---

@OA\SecurityScheme(

• securityScheme="bearerAuth",
  

• type="http",
  

• scheme="bearer",
  

• bearerFormat="JWT",
  

• )

this should help

Hi,
I follow all steps for uses oauth2 + bearer, but some reason when called a method ever see the called into curl but not attach Bearer only the X-CSRF-TOKEN.

We uses Client Credentials Grant Tokens

This is my route:
Route::get('demo', 'ShippingController@demo')->name('api.v1.demo');
My RouteServiceProvider

    protected function mapClientCredentialRoutes()
    {
        Route::middleware('client_credentials')
             ->namespace($this->namespace)
             ->group(base_path('routes/client_credentials.php'));
    }

In Controller.php add

/**
 * @OA\Info(
 *     description="Shipping API",
 *     version="1.0.0",
 *     title="Demo shipping",
 *     termsOfService="http://swagger.io/terms/",
 *     @OA\Contact(
 *         email="info@demo.com"
 *     ),
 *     @OA\License(
 *         name="Apache 2.0",
 *         url="http://www.apache.org/licenses/LICENSE-2.0.html"
 *     )
 * )
 */
/**
 * @OA\Tag(
 *     name="shipping",
 *     description="",
 * )
 * @OA\Server(
 *     description="SwaggerHUB API Mocking",
 *     url="http://api-demo.local"
 * )
 */
/**
 * @OA\SecurityScheme(
 *     @OA\Flow(
 *         flow="clientCredentials",
 *         tokenUrl="oauth/token",
 *         scopes={}
 *     ),
 *     securityScheme="oauth2",
 *     in="header",
 *     type="oauth2",
 *     description="Oauth2 security",
 *     name="oauth2",
 *     scheme="http",
 *     bearerFormat="bearer",
 * )
 */
class Controller extends BaseController
{
    use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
}

And ShippingController

....
....
/**
     * @OA\Schema(
     *   schema="myname",
     *   type="string",
     *   description="Return a name"
     * )
     */

    /**
     * @OA\Get(
     *
     *   path="/api/v1/demo",
     *   summary="Get name",
     *   @OA\Response(
     *     response=200,
     *     description="successful operation",
     *     @OA\JsonContent(ref="#/components/schemas/myname"),
     *   )
     * )
     */

    public function demo()
    {
        return ['name' => 'Peter'];
    }
....
....

kernel.php

protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        ],
        'client_credentials' => [
            CheckClientCredentials::class,
            'throttle:60,1',
            'bindings',
        ],

    ];

    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
        'client' => CheckClientCredentials::class,
    ];

Where are the error?
Some idea @oyepez003 , @yajra @kranthi610, etc?

[kranthi610]

After added the changes, this is the response

And this

/**
 * @OA\SecurityScheme(
 *     @OA\Flow(
 *         flow="clientCredentials",
 *         tokenUrl="oauth/token",
 *         scopes={}
 *     ),
 *     securityScheme="bearerAuth",
 *     in="header",
 *     type="http",
 *     description="Oauth2 security",
 *     name="oauth2",
 *     scheme="bearer",
 *     bearerFormat="JWT",
 * )
 */

Why not set the Bearer???
@kranthi610

@OA\SecurityScheme(

• securityScheme="bearerAuth",
  

• type="http",
  

• scheme="bearer",
  

• bearerFormat="JWT",
  

• )

this should help

Hi,
I follow all steps for uses oauth2 + bearer, but some reason when called a method ever see the called into curl but not attach Bearer only the X-CSRF-TOKEN.

We uses Client Credentials Grant Tokens

This is my route:
Route::get('demo', 'ShippingController@demo')->name('api.v1.demo');
My RouteServiceProvider

    protected function mapClientCredentialRoutes()
    {
        Route::middleware('client_credentials')
             ->namespace($this->namespace)
             ->group(base_path('routes/client_credentials.php'));
    }

In Controller.php add

/**
 * @OA\Info(
 *     description="Shipping API",
 *     version="1.0.0",
 *     title="Demo shipping",
 *     termsOfService="http://swagger.io/terms/",
 *     @OA\Contact(
 *         email="info@demo.com"
 *     ),
 *     @OA\License(
 *         name="Apache 2.0",
 *         url="http://www.apache.org/licenses/LICENSE-2.0.html"
 *     )
 * )
 */
/**
 * @OA\Tag(
 *     name="shipping",
 *     description="",
 * )
 * @OA\Server(
 *     description="SwaggerHUB API Mocking",
 *     url="http://api-demo.local"
 * )
 */
/**
 * @OA\SecurityScheme(
 *     @OA\Flow(
 *         flow="clientCredentials",
 *         tokenUrl="oauth/token",
 *         scopes={}
 *     ),
 *     securityScheme="oauth2",
 *     in="header",
 *     type="oauth2",
 *     description="Oauth2 security",
 *     name="oauth2",
 *     scheme="http",
 *     bearerFormat="bearer",
 * )
 */
class Controller extends BaseController
{
    use AuthorizesRequests, DispatchesJobs, ValidatesRequests;
}

And ShippingController

....
....
/**
     * @OA\Schema(
     *   schema="myname",
     *   type="string",
     *   description="Return a name"
     * )
     */

    /**
     * @OA\Get(
     *
     *   path="/api/v1/demo",
     *   summary="Get name",
     *   @OA\Response(
     *     response=200,
     *     description="successful operation",
     *     @OA\JsonContent(ref="#/components/schemas/myname"),
     *   )
     * )
     */

    public function demo()
    {
        return ['name' => 'Peter'];
    }
....
....

kernel.php

protected $middlewareGroups = [
        'web' => [
            \App\Http\Middleware\EncryptCookies::class,
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \Illuminate\Session\Middleware\StartSession::class,
            // \Illuminate\Session\Middleware\AuthenticateSession::class,
            \Illuminate\View\Middleware\ShareErrorsFromSession::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

        'api' => [
            'throttle:60,1',
            'bindings',
        ],
        'client_credentials' => [
            CheckClientCredentials::class,
            'throttle:60,1',
            'bindings',
        ],

    ];

    protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class,
        'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class,
        'can' => \Illuminate\Auth\Middleware\Authorize::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'signed' => \Illuminate\Routing\Middleware\ValidateSignature::class,
        'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
        'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
        'client' => CheckClientCredentials::class,
    ];

Where are the error?
Some idea @oyepez003 , @yajra @kranthi610, etc?

Check the security scheme...I'm using bearer scheme.this is how my security definiton looks
/**
*schemes={"http,https"},

• @OA\Info(

• description="LIve API",
  

• version="1.0.0",
  

• title="Live API",
  

• ),
• @OA\Tag(

• name="Clubs",
  

• description="Everything about Pets",
  

• ),
• @OA\Server(

• description="SwaggerHUB API Mocking",
  

• url="http://dev.testapp.org"
  

• )
• @OA\SecurityScheme(

• securityScheme="bearerAuth",
  

• type="http",
  

• scheme="bearer",
  

• bearerFormat="JWT",
  

• )
  */

*security={

•       {"bearerAuth": {}}
  

•     }
  

*)

Lemme know if this helps

[ssheduardo]

*security={

•       {"bearerAuth": {}}
  

•     }
  

*)

Where put this code?

*security={

      {"bearerAuth": {}}
    }
*)

Please attached a screenshot.

[kranthi610]

*security={

•       {"bearerAuth": {}}
  

•     }
  

*)

Where put this code?

*security={

      {"bearerAuth": {}}
    }
*)

Please attached a screenshot.

Top of your controller ..Take a look on this pet controller example
https://github.com/zircote/swagger-php/blob/9e8aeca0618c50a1b70f14962f84eeec5e93e4e2/Examples/petstore-3.0/controllers/Pet.php#L192

[ssheduardo]

{"bearerAuth": {}}

Perfect, I got it!

class CustomController extends Controller
{
    /**
     * @OA\Schema(
     *   schema="myname",
     *   type="string",
     *   description="Return a name"
     * )
     */

    /**
     * @OA\Get(
     *
     *   path="/api/v1/demo",
     *   summary="Get name",
     *   @OA\Response(
     *     response=200,
     *     description="successful operation",
     *     @OA\JsonContent(ref="#/components/schemas/myname"),
     *   ),
     *     security={
     *         {"bearerAuth": {}}
     *     }
     * )
     */
    public function demo()
    {
        return ['name' => 'Peter', 'time' => Carbon::now()];
    }
}

Thanks you @kranthi610

[kranthi610]

{"bearerAuth": {}}

Perfect, I got it!

class CustomController extends Controller
{
    /**
     * @OA\Schema(
     *   schema="myname",
     *   type="string",
     *   description="Return a name"
     * )
     */

    /**
     * @OA\Get(
     *
     *   path="/api/v1/demo",
     *   summary="Get name",
     *   @OA\Response(
     *     response=200,
     *     description="successful operation",
     *     @OA\JsonContent(ref="#/components/schemas/myname"),
     *   ),
     *     security={
     *         {"bearerAuth": {}}
     *     }
     * )
     */
    public function demo()
    {
        return ['name' => 'Peter', 'time' => Carbon::now()];
    }
}

Thanks you @kranthi610
cool :)

[ssheduardo]

Why not anyone create a tutorial this?

[ssheduardo]

This is a last question.
How to remove -H "X-CSRF-TOKEN: " ??

[eleftrik]

Is there a way to keep the user logged in, after refreshing Swagger UI page?
I got it working, but every time I reload the page I have to insert again username, password, client_id and client_secret.
Thanks

[eleftrik]

Is there a way to keep the user logged in, after refreshing Swagger UI page?

I reply to myself: yes, there is. Found this: #120 (comment)

[thangho98]

Need your help? I cannot authorizations swagger when loggin by email, password using config security passport

[lunwhl]

@Doublefree9

Need your help? I cannot authorizations swagger when loggin by email, password using config security passport

You can use this

• @swg\SecurityScheme(
  * securityDefinition="MyHeaderAuthentication",
  * type="apiKey",
  * in="header",
  * name="Authorization"
  * ),

The apiKey is the Bearer token. You build a login api, copy the token into "apiKey" with "Bearer THE TOKEN U COPY"

[ihamzehald]

Adding a full example for a get request:

In top of your main controller add this:

/**

• @OA\SecurityScheme(

• @OA\Flow(
  

•     flow="clientCredentials",
  

•     tokenUrl="oauth/token",
  

•     scopes={}
  

• ),
  

• securityScheme="bearerAuth",
  

• in="header",
  

• type="http",
  

• description="Oauth2 security",
  

• name="oauth2",
  

• scheme="bearer",
  

• bearerFormat="JWT",
  

• )
  */

On top of your get request add this :

/**
 * Get the authenticated User.
 * @return \Illuminate\Http\JsonResponse
 *
 * Swagger UI documentation (OA)
 *
 * @OA\Get(
 *   path="/user/auth/jwt/me",
 *   tags={"User"},
 *   summary="Get the authenticated User",
 *   description="Get the authenticated User",
 *   operationId="jwtMe",
 *  @OA\Response(
 *         response="200",
 *         description="ok",
 *         content={
 *             @OA\MediaType(
 *                 mediaType="application/json",
 *                 @OA\Schema(ref="#/components/schemas/User")
 *              )
 *         }
 *     ),
 *   @OA\Response(response="401",description="Unauthorized"),
 *  security={
 *         {"bearerAuth": {}}
 *     }
 * )
 */

Here is a sample of User schema, add it on top of your model.

/**

• @OA\Schema(@OA\Xml(name="User"))
• @OA\Property(
• property="id",
• type="string",
• description="User ID"
• )
• @OA\Property(
• property="name",
• type="string",
• description="User name"
• )
• @OA\Property(
• property="email",
• type="string",
• description="User email"
• )
• @OA\Property(
• property="email_verified_at",
• type="string",
• description="Email verified at"
• )
• @OA\Property(
• property="created_at",
• type="string",
• description="Created at"
• )
• • @OA\Property(
• property="updated_at",
• type="string",
• description="Updated at"
• )
• • @OA\Property(
• property="api_token",
• type="string",
• description="Api token (used for token auth)"
• )
  */

[praj]

If you notice your requests just time out with Laravel passport, then make sure you have this in your controller methods (requests) tags after setting up Laravel Passport as a security type in your l5-swagger.php config file.

security={{"passport": {"*"}}},

Initially I was using this (without the asterisk):

security={{"passport": {""}}},

[K2ouMais]

I cant get this to work...

I have this in my Controller.php

/**
 * @OA\Info(
 *      version="1.0.0",
 *      title="My API",
 *      description="This is a test",
 * )
 *
 * @OA\Tag(
 *     name="Addresses",
 *     description="Handle your order addresses.",
 * )
 *
* @OA\SecurityScheme(
*      securityScheme="bearerAuth",
*      type="http",
*      scheme="bearer",
*  )
*/

Now I have this on my AddressesController.php:

    /**
     * @OA\Get(
     *      path="/addresses/",
     *      operationId="showAddresses",
     *      tags={"Addresses"},
     *      summary="Show all your addresses.",
     *      description="Show all your addresses.",
     *      @OA\Response(response=200, description="OK"),
     *      @OA\Response(response=401, description="Unauthorized."),
     *      security={
     *         {"bearerAuth": {}}
     *      }
     *     )
     */

This is the cURL:

curl -X GET "http://lei-api-swagger.test/api/addresses/" -H "accept: */*" -H "Authorization: Bearer 456987sdfsdeasaASDASD" -H "X-CSRF-TOKEN: "

It works without a problem in Postman...

Everytime I hit that endpoint I get a 401 Unauthorised.

What am I doing wrong?

How can I pass the "Accept" header?

How can I take the "X-CSRF-TOKEN:" out?

Thanks in advance

[kranthi610]

I cant get this to work...

I have this in my Controller.php

/**
 * @OA\Info(
 *      version="1.0.0",
 *      title="My API",
 *      description="This is a test",
 * )
 *
 * @OA\Tag(
 *     name="Addresses",
 *     description="Handle your order addresses.",
 * )
 *
* @OA\SecurityScheme(
*      securityScheme="bearerAuth",
*      type="http",
*      scheme="bearer",
*  )
*/

Now I have this on my AddressesController.php:

    /**
     * @OA\Get(
     *      path="/addresses/",
     *      operationId="showAddresses",
     *      tags={"Addresses"},
     *      summary="Show all your addresses.",
     *      description="Show all your addresses.",
     *      @OA\Response(response=200, description="OK"),
     *      @OA\Response(response=401, description="Unauthorized."),
     *      security={
     *         {"bearerAuth": {}}
     *      }
     *     )
     */

This is the cURL:

curl -X GET "http://lei-api-swagger.test/api/addresses/" -H "accept: */*" -H "Authorization: Bearer 456987sdfsdeasaASDASD" -H "X-CSRF-TOKEN: "

It works without a problem in Postman...

Everytime I hit that endpoint I get a 401 Unauthorised.

What am I doing wrong?

How can I pass the "Accept" header?

How can I take the "X-CSRF-TOKEN:" out?

Thanks in advance

Change your security definition to this and try
@OA\SecurityScheme(

• securityScheme="bearerAuth",
  

• type="http",
  

• scheme="bearer",
  

• bearerFormat="JWT",
  

• )
  */

[K2ouMais]

@kranthi610 Still doesnt work...

[kranthi610]

@kranthi610 Still doesnt work...

share me the swagger UI for API

[K2ouMais]

I was because of the "Accept" header.

Please I need to know how to change the "Accept" header?

It is everytime */* but I need it to be application/json.

And I also need to know how to take out the "X-CSRF-TOKEN" header??

It is a shame, that I cant find any documentation for this 2 things.

@DarkaOnLine Could you please help here?? Thank you in advance

[kranthi610]

Mine looks like this.. in my Adress controller...

*@OA\Response(

• response=200,
  

• description="successful operation",
  

• @OA\MediaType(
  

•      mediaType="application/json",
  

•      @OA\Schema(
  

•           type="array",
  

•            @OA\Items(
  

•                ref="#/components/schemas/Adress"
  

•            )
  

•      )
  

• ),
  

@OA\MediaType(

•      mediaType="application/xml",
  

•      @OA\Schema(
  

•           type="array",
  

•            @OA\Items(
  

•                ref="#/components/schemas/Address"
  

•            )
  

•      )
  

• )
  

*),
*
*@OA\Response(

• response=400,
  

•  description="Invalid value"
  

*),
*@OA\Response(

• response=401,
  

•  description="Unauthenticated"
  

*),
*security={

•       {"bearerAuth": {}}
  

•     }
  

*)
*/

this is how you do in base controller

/**
*schemes={"http,https"},

• @OA\Info(

• description="Access to ",
  

• version="1.0.0",
  

• title="Live API",
  

• ),
• @OA\Tag(

• name="Adress",
  

• description="Everything about Adresses",
  

• ),
• @OA\Server(

• description="SwaggerHUB API Mocking",
  

• url="http://dev.api.test.org"
  

• )
• @OA\SecurityScheme(

• securityScheme="bearerAuth",
  

• type="http",
  

• scheme="bearer",
  

• bearerFormat="JWT",
  

• )
  */

[K2ouMais]

I already said that I got it to work, but I had to change a Middleware where I only accept the accept header of application/json.

It seems there is a problem with the request headers.

It sends Accept */* and the in my case useless X-CSRF-TOKEN that by the way is empty.

[sevaldes]

I already said that I got it to work, but I had to change a Middleware where I only accept the accept header of application/json.

It seems there is a problem with the request headers.

It sends Accept */* and the in my case useless X-CSRF-TOKEN that by the way is empty.

Hi dude, i was the same problem. Just deleting the interceptor function it works to me. Good luck!.

/*
requestInterceptor: function() {
        if (this.headers) {
            this.headers['X-CSRF-TOKEN'] = '{{ csrf_token() }}';
        }

      return this;
},
*/

[buildsomethingdifferent]

Simple solution guys. go to index.blade.php file and find method requestInterceptor(); and replace with below code.

requestInterceptor: function(request) {
   request.headers['X-CSRF-TOKEN'] = '{{ csrf_token() }}';
   request.headers['Authorization'] = 'Bearer ' + request.headers['Authorization'];
  return request;
}

no need to create any middleware. securityScheme Passport in Your l5-swagger.php file should be like this

 'passport' => [ // Unique name of security
                'type' => 'apiKey', // The type of the security scheme. Valid values are "basic", "apiKey" or "oauth2".
                'description' => 'Laravel passport security.',
                'in' => 'header',
                'name' => 'Authorization',
                'scheme' => 'https',
                'flows' => [
                    "password" => [
                        "authorizationUrl" => config('app.url') . '/oauth/authorize',
                        "tokenUrl" => config('app.url') . '/oauth/token',
                        "refreshUrl" => config('app.url') . 'oauth/token/refresh',
                        "scopes" => []
                    ],
                ],
            ],