Support for Bearer Token

[pedrorjbr]

I am getting this error using it on my fastapi application.

{"errors":[{"status":422,"title":"Input should be 'apiKey', 'basic' or 'oauth2'","detail":"Check this field (securityDefinitions -> HTTPBearer -> BasicAuth -> type) for errors."},{"status":422,"title":"Input should be 'apiKey', 'basic' or 'oauth2'","detail":"Check this field (securityDefinitions -> HTTPBearer -> APIKey -> type) for errors."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> APIKey -> in is required and cannot be missing."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> APIKey -> name is required and cannot be missing."},{"status":422,"title":"Input should be 'apiKey', 'basic' or 'oauth2'","detail":"Check this field (securityDefinitions -> HTTPBearer -> OAuth2Implicit -> type) for errors."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> OAuth2Implicit -> flow is required and cannot be missing."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> OAuth2Implicit -> authorizationUrl is required and cannot be missing."},{"status":422,"title":"Input should be 'apiKey', 'basic' or 'oauth2'","detail":"Check this field (securityDefinitions -> HTTPBearer -> OAuth2Password -> type) for errors."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> OAuth2Password -> flow is required and cannot be missing."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> OAuth2Password -> tokenUrl is required and cannot be missing."},{"status":422,"title":"Input should be 'apiKey', 'basic' or 'oauth2'","detail":"Check this field (securityDefinitions -> HTTPBearer -> OAuth2Application -> type) for errors."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> OAuth2Application -> flow is required and cannot be missing."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> OAuth2Application -> tokenUrl is required and cannot be missing."},{"status":422,"title":"Input should be 'apiKey', 'basic' or 'oauth2'","detail":"Check this field (securityDefinitions -> HTTPBearer -> OAuth2AccessCode -> type) for errors."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> OAuth2AccessCode -> flow is required and cannot be missing."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> OAuth2AccessCode -> authorizationUrl is required and cannot be missing."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> OAuth2AccessCode -> tokenUrl is required and cannot be missing."},{"status":422,"title":"Field required","detail":"The field securityDefinitions -> HTTPBearer -> Reference -> $ref is required and cannot be missing."}]}

[virajkanwade]

@pedrorjbr what is the version of fastapi and fastapi-swagger2?

[virajkanwade]

@pedrorjbr I am not able to reproduce it with latest versions.
Can you please share version details and sample code?

[pedrorjbr]

This is OpenAPI Json (openapi:3.1.0)
https://api.navigation.carecode.com.br/v1/openapi.json

FastApi Version: fastapi==0.111.0

[virajkanwade]

Ahh got it.
HTTP Bearer auth is the issue.
OpenAPI spec 2.0 only supports "basic", "apiKey" or "oauth2".
https://swagger.io/specification/v2/#security-scheme-object

Need to figure out an alternative or atleast handle the error.

[virajkanwade]

@pedrorjbr Please use #v0.2.4, It will skip security definitions that are not supported by swagger 2.0 and not crash.

[pedrorjbr]

@virajkanwade
Leveraging your experience, my use case is exactly about using the GCP API Gateway and its lack of support for OpenAPI 3. During the CI/CD cycle, I will use the following steps:

Use fastapi_swagger2 to generate the Swagger 2.
From the swagger.json file, I inject the necessary changes, such as the authentication I will use on the GCP API Gateway.
Use an infrastructure as code tool, like Terraform/Pulumi, and apply the changes on GCP.
Well, my question is:
How and where should I expose the API documentation, the OpenAPI file? Could I use the Swagger 2 from step 2 and expose it through a FastAPI route? Would that be the correct way? How would you recommend doing it?

[virajkanwade]

@pedrorjbr
General recommendation is never expose the api spec on a production app, unless you are a public api. But even in that case you should only expose the required APIs.

In my case, it was pretty straightforward for me. In the CI/CD pipeline, I added an env var for local. I used to expose both the specs when env var was set to local.
Then using curl, download and save the swagger2 json and using GCP interface in the workflow, upload the spec to APIGW.

In your case, the auth customization you do, if you can automate it, you could do it in a similar way.

Hope this helps.