Apigee Portal Bearer authorization not working

I have uploaded a Swagger OpenAPI 3.0.0 standard YAML file to the Apigee Portal. I have a security scheme that requires a Bearer token. But after uploading the document > going to the live portal > clicking on APIs > then Authorization, I notice that it changes to basic authorization (which means I need to insert a username and password).

How can I fix this? It seems like a bug from Apigee portal.

1 ACCEPTED SOLUTION

Not applicable

The below format works for me. I tried.

swagger: '2.0'
info:
  version: 1.0.0
  title: Based on "Basic Auth Example"
  description: >
    An example for how to use Auth with Swagger.

host: basic-auth-server.herokuapp.com
schemes:
  - http
  - https
securityDefinitions:
  Bearer:
    type: apiKey
    name: Authorization
    in: header
paths:
  /:
    get:
      security:
        - Bearer: []
      responses:
        '200':
          description: 'Will send `Authenticated`'
        '403':
          description: 'You do not have necessary permissions for the resource'

9 REPLIES

Not applicable

Did you try like below?

openapi: 3.0.0
...
# 1) Define the security scheme type (HTTP bearer)
components:
  securitySchemes:
    bearerAuth:            # arbitrary name for the security scheme
      type: http
      scheme: bearer
      bearerFormat: JWT    # optional, arbitrary value for documentation purposes
# 2) Apply the security globally to all operations
security:
  - bearerAuth: []         # use the same name as above

Refer: https://swagger.io/docs/specification/authentication/bearer-authentication/

Yes. I don't see much difference. Here is a copy of my security schemes. The top 2 are behaving exactly like the last one

  securitySchemes:
    bearerAuth_apigee:
      scheme: bearer
      type: http
      bearerFormat: JWT
    bearerAuth_auth0:
      scheme: bearer
      type: http
      bearerFormat: JWT
    api_key:
      type: apiKey
      name: x-api-key
      in: header
    basicAuth:
      type: http
      scheme: basic

Is it working for you?

I didn't test this. Will let you know after testing.

This works. Though not perfect, since I'd need to add the word Bearer before the token. But it's good enough. Thanks

The workaround worked for me as well but the solution is a little misleading for end users.

The Authorization window is showing API Key Auth instead of bearer Token.

When using swagger: "2.0", the portal does not allow type: "http". Only basic, apiKey, oauth2 are allowed. Hence, the workaround is to use type: "apiKey" and name it as Bearer. 

When using openapi: "3.0.x", the portal should allow type: "http" and scheme: "bearer" which accurately represents Bearer token auth.

The above behavior is consistent in Swagger Editor.
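
The version rules described above, as an added example that is not part of the original thread: a small Python check that classifies each security scheme in an already-parsed spec, so the apiKey workaround and a `type: http` scheme in a Swagger 2.0 file are easy to tell apart. The function name and the sample dictionaries are constructed for illustration; the dictionaries mirror the snippets posted in this thread.

```python
# Added example (not from the thread): classify security schemes per spec version.
SWAGGER2_TYPES = {"basic", "apiKey", "oauth2"}                  # Swagger 2.0 securityDefinitions
OPENAPI3_TYPES = {"apiKey", "http", "oauth2", "openIdConnect"}  # OpenAPI 3.0.x securitySchemes


def audit_security_schemes(spec):
    """Return {scheme_name: finding} for a parsed Swagger 2.0 / OpenAPI 3.0.x document."""
    if str(spec.get("swagger", "")).startswith("2."):
        schemes, allowed = spec.get("securityDefinitions", {}), SWAGGER2_TYPES
    elif str(spec.get("openapi", "")).startswith("3.0"):
        schemes = spec.get("components", {}).get("securitySchemes", {})
        allowed = OPENAPI3_TYPES
    else:
        raise ValueError("expected swagger: '2.0' or openapi: 3.0.x")

    findings = {}
    for name, s in schemes.items():
        kind = s.get("type")
        if kind not in allowed:
            findings[name] = f"invalid: type '{kind}' not allowed in this spec version"
        elif kind == "http":
            scheme = str(s.get("scheme", "")).lower()
            findings[name] = scheme if scheme in ("bearer", "basic") else f"http/{scheme}"
        elif kind == "basic":
            findings[name] = "basic"
        elif (kind == "apiKey" and s.get("in") == "header"
              and str(s.get("name", "")).lower() == "authorization"):
            # Workaround form: the user must type "Bearer <token>" as the key value.
            findings[name] = "apiKey-as-bearer workaround"
        else:
            findings[name] = kind
    return findings


# Constructed inputs mirroring the snippets posted in the thread.
SWAGGER2_WORKAROUND = {"swagger": "2.0", "securityDefinitions": {
    "Bearer": {"type": "apiKey", "name": "Authorization", "in": "header"}}}
OPENAPI3_SCHEMES = {"openapi": "3.0.0", "components": {"securitySchemes": {
    "bearerAuth_apigee": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
    "api_key": {"type": "apiKey", "name": "x-api-key", "in": "header"},
    "basicAuth": {"type": "http", "scheme": "basic"}}}}
SWAGGER2_HTTP = {"swagger": "2.0", "securityDefinitions": {
    "bearerAuth": {"type": "http", "scheme": "bearer"}}}

if __name__ == "__main__":
    for doc in (SWAGGER2_WORKAROUND, OPENAPI3_SCHEMES, SWAGGER2_HTTP):
        print(audit_security_schemes(doc))
```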

I am facing one issue in the Apigee X portal: the Authorize button is not visible when using the OpenAPI 3.0.0 standard with securitySchemes. When I use the YAML in Swagger Editor, it shows the Authorize button with all the schemes; however, the Apigee X portal is not showing the Authorize button. I do not want to use Swagger 2; I need to use OpenAPI 3.0.0 or above.

Can anyone please help me?

Please post a new question. Click the button in the upper right corner.
