You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The spec states that the header should be of the form:
Authorization: Token jwt.token.here
It seems most JWT libraries/implementations actually use "Bearer" instead of "Token", that is:
Authorization: Bearer jwt.token.here
It does not matter to me (should it?), but I'm trying to use Swashbuckle to generate OpenAPI and SwaggerUI. It seems that Swashbuckle only considers "Bearer" to be valid. So, even if my application accepts Authorization: Token jwt.token, Swashbuckle/SwaggerUI/OpenAPI won't let me construct such a header. With the Postman collection, everything is good; with Swashbuckle/SwaggerUI/OpenAPI, it's not.
Can anyone weigh in on:
Are both "Token" and "Bearer" acceptable for JWT?
Is "Token" required for Conduit implementations instead of "Bearer"?
Should I just take Swashbuckle out of my project and go Postman-only? (this would be a bummer)
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
The spec states that the header should be of the form:
It seems most JWT libraries/implementations actually use "Bearer" instead of "Token", that is:
It does not matter to me (should it?), but I'm trying to use Swashbuckle to generate OpenAPI and SwaggerUI. It seems that Swashbuckle only considers "Bearer" to be valid. So, even if my application accepts
Authorization: Token jwt.token, Swashbuckle/SwaggerUI/OpenAPI won't let me construct such a header. With the Postman collection, everything is good; with Swashbuckle/SwaggerUI/OpenAPI, it's not.Can anyone weigh in on:
Beta Was this translation helpful? Give feedback.
All reactions