Private endpoints remain hidden after authorizing #342
Comments
|
hi @adlmtl, interesting! so that would basically mean that the JWT token is not sent by SwaggerUI when requesting the schema url. that kind of makes sense somehow. the JWT token is used by SwaggerUI for building requests but it is no used by it's own bootstrapping. this all works automatically when cookie auth is used, but for JWT one must explicit set a header, which is why it fails here. SwaggerUI would have to be modified so that the schema url is reloaded on auth and also that the authorization is reused for requesting the schema. |
|
yasg behaves this way, so there's probably something that can be done. Any thoughts how I could progress? Thanks for responding so quickly! |
|
ahh i see. yes, yasg has a more hands-on approach to SwaggerUI. they have a custom init logic and patches going on, whereas we currently use only plain upstream SwaggerUI. this may be the first time we reached the limit of upstream SwaggerUI. the magic is here: we may have to patch SwaggerUI init logic for this. happy to look at proposals here as i'm lacking the time to tackle this atm. |
|
please review and test #552 |
tfranzel
added
the
fix confirmation pending
|
closing this issue for now. feel free to comment if anything is missing or not working and we will follow-up. |
Using SERVE_PUBLIC=True as shown in the docs. After fetching a jwt token and authorizing in the swagger-ui the page does not reload, and I am still only able to see public endpoints.
I've also tried refreshing the page manually with persistAuthorization = True being set and still no luck.
However if i call the schema endpoint it does return my complete schema with all private endpoints if I am authorized, it just doesn't reflect this in the swagger-ui
I'm using simpleJWT for auth.
The text was updated successfully, but these errors were encountered: