OpenDaylight JIRA https://jira.opendaylight.org This file is an XML representation of an issue en-us 8.20.10 820010 22-06-2022 [NETCONF-990] Explore swagger authentication feature https://jira.opendaylight.org/browse/NETCONF-990 netconf <p>We can explore swagger authentication feature according to <a href="https://swagger.io/docs/specification/authentication/" class="external-link" target="_blank" rel="nofollow noopener">https://swagger.io/docs/specification/authentication/.</a> This way we could be able to make our swagger UI to show <b>Authorize</b> button as seen at <a href="https://petstore3.swagger.io/" class="external-link" target="_blank" rel="nofollow noopener">https://petstore3.swagger.io/.</a></p> <p>We hope that in the future, we can make our swagger UI to be available for browsing without requiring credentials, and credentials will be attached only when user wants to try some requests.</p> NETCONF-990 Explore swagger authentication feature New Feature Medium Resolved Done Ivan Hrasko Ivan Hrasko Wed, 12 Apr 2023 08:55:58 +0000 Thu, 22 Jun 2023 10:55:40 +0000 Wed, 19 Apr 2023 12:24:10 +0000 5.0.5 restconf-openapi 0 2 <p>We were able to apply <b>security</b> tag for every example shown by swagger UI (version OpenAPI2 and version ApenAPI3). It makes <b>Authorize</b> button visible and offers <b>basicAuth</b> option. When user authorizes then every request send using swagger UI contains Authorization header with basic auth.</p> <p>By default when (default ODL) basic shiro filter is used to secure both swagger UI and restconf interface user does not need to be authorized because session cookie is in place. But in situation when other filters are configured to be used (ODL allows to register additional filters) and basic shiro filter is turned off it allows to provide authorization header in the request as potentially required by that 3rd party filter.</p> <p>This is especially useful when 3rd party filter does not provide login page in case of missing credentials (basic shiro filter prompts for credentials by default). In this case using <b>Authorize</b> button is the only possibility to authorize requests - otherwise they will get 401.</p> <p>For now we have implemented <b>basicAuth</b>. Later we can add others methods as defined in <a href="https://swagger.io/docs/specification/authentication/" class="external-link" target="_blank" rel="nofollow noopener">https://swagger.io/docs/specification/authentication/</a> as well.</p> Relates NETCONF-1064 Development Rank 0|i044sv: