
Default value option on Swagger api keys #2280

Closed
soullivaneuh opened this issue Oct 25, 2018 · 5 comments

@soullivaneuh
Contributor

My current project API needs this header to authenticate:

Authorization: Bearer your_api_token

So I add this configuration for Swagger:

api_platform:
    swagger:
        api_keys:
            -
                name: Authorization
                type: header

It works. But the customer always has to add Bearer on the form content.

It would be great to have a default_value option on each api_keys element.

@silverbackdan
Contributor

I'm not sure if I understand correctly but I'll give a go at responding. If you mean that in the swagger docs a user has to add the Bearer on the form content then that can be done once when the page loads with a little 'Authorize' button that will appear in the docs.

If you mean that you'd like to set a default authorization header so a user doesn't have to do this, would this not make the API insecure because you'd be exposing an API key to the public?

@soullivaneuh
Contributor Author

No, I don't want to avoid the usage of the Authorize button, I just want the form content to have Bearer on the input, so the user just has to copy the key. :-)

@silverbackdan
Contributor

Oh I see, API Platform just creates a swagger config. It looks as though this isn't something that package is looking to support - see OAI/OpenAPI-Specification#583

Mainly due to the potential security issues. Perhaps you could write a kernel listener, check if Bearer is in the authorization header already and if not, prepend it?
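
The kernel listener suggested in the comment above, sketched as an added example (not code from this thread or from API Platform). It assumes Symfony 5.3+ on PHP 8; the class name, the `/api` path prefix and the priority value are hypothetical choices.

```php
<?php
// Added example: prepend "Bearer " only when the client sent a bare token.
// Hypothetical names: BearerPrefixSubscriber, the /api prefix, priority 16.
namespace App\EventSubscriber;

use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;

final class BearerPrefixSubscriber implements EventSubscriberInterface
{
    public static function getSubscribedEvents(): array
    {
        // Must run before the security firewall listener (priority 8) reads the header.
        return [KernelEvents::REQUEST => ['onKernelRequest', 16]];
    }

    public function onKernelRequest(RequestEvent $event): void
    {
        if (!$event->isMainRequest()) {
            return;
        }
        $request = $event->getRequest();
        if (!str_starts_with($request->getPathInfo(), '/api')) {
            return;
        }
        $normalized = self::normalize($request->headers->get('Authorization'));
        if ($normalized !== null) {
            $request->headers->set('Authorization', $normalized);
        }
    }

    /** Returns the header value to set, or null when the header must be left untouched. */
    public static function normalize(?string $value): ?string
    {
        $value = trim((string) $value);
        // Missing or empty header: leave it so the firewall rejects the request.
        if ($value === '') {
            return null;
        }
        // Whitespace means a scheme is already present ("Bearer x", "Basic y"): never rewrite it.
        if (preg_match('/\s/', $value)) {
            return null;
        }
        // Bare token pasted without a scheme: add the prefix the API expects.
        return 'Bearer ' . $value;
    }
}
```

The listener only changes how an incoming header is interpreted; the token itself is still supplied by the user, so nothing secret is placed in the generated docs.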

@soullivaneuh
Contributor Author

In that case, I could simply remove the Bearer prefix. :-)

@soyuka
Member

soyuka commented Feb 23, 2021

Closing, if needed decorate the openapi factory

@soyuka soyuka closed this as completed Feb 23, 2021