skip to Main Content

While my end goal is to prevent Swagger UI from losing authentication upon browser reload, I believe I might have found a solution assuming swagger-ui parameters can be changed when using api-platform, and described it at the tail of this post.

A REST API uses Symfony, API-platform and authenticates using JWT and documentation is provided by swagger-ui. On the swagger-ui page, after submitting the apiKey, future requests include it in the header, however, if the browser is refreshed, the authorization token is lost.
enter image description here

There has been some discussion on this topic primarily on this github post and some on this stackoverflow post, and the general consensus seems to be that swagger-ui there is no "official" way to persist tokens.

Overall Swagger UI does not store tokens, and probably on purpose.
There is no switch to enable this, but looks like there are little
things that can be done to remember a token via cookie, local storage,
indexdb, etc and when the page is reloaded, populate the token back
in.

The swagger configuration documentation, however, appears to have an Authorization parameter which will allow the authorization data to be persisted upon browser refresh.

  • Parameter name: persistAuthorization
  • Docker variable: PERSIST_AUTHORIZATION
  • Description: Boolean=false. If set to true, it persists authorization data and it would not be lost on browser close/refresh

Assuming I correctly interpret the Swagger documentation, how can the persistAuthorization parameter be set to true?

When modifying config/api_platform.yaml to set persistAuthorization, I received errors Unrecognized option "persistAuthorization" under "api_platform.swagger.api_keys.apiKey". Available options are "name", "type". and Unrecognized option "persistAuthorization" under "api_platform.swagger". Available options are "api_keys", "versions".

api_platform:
    mapping:
        paths: ['%kernel.project_dir%/src/Entity']
    patch_formats:
        json: ['application/merge-patch+json']
    swagger:
        api_keys:
            apiKey:
                name: Authorization
                type: header
                # persistAuthorization: true
        versions: [3]
        # persistAuthorization: true

I then tried adding a config/swagger-conf.yaml file but received error There is no extension able to load the configuration for "persistAuthorization"

---
persistAuthorization: true

How can one prevent Swagger UI from losing authentication upon browser reload? How does one change a swagger-ui paramters when using API-Platform?

EDIT – NEW INFORMATION

Based on Tarun Lalwani’s comment, I found a workaround, however, it is still not ideal. API-Platform either creates public/bundles/apiplatform/init-swagger-ui.js or passes settings to it (I currently do not don’t which) based on some of the symfony/api-platform configuration settings. I expected these to be under api_platform.swagger, but after reviewing source code as well as api-platform configuration document, I still don’t know how to accomplish it (or even whether it is possible). My workaround was to edit this file directly. Since these bundle files are not typically tracked by git, will need to be sure to manually update. Also, I have some concern should api-platform ever modifies the file.

'use strict';

window.onload = function() {
    const ui = SwaggerUIBundle({
        ...
        persistAuthorization: true, <= Line 49
        ...
    });
};

api_platform.yaml is as follows, but the token is not being persisted.

api_platform:
    mapping:
        paths: ['%kernel.project_dir%/src/Entity']
    patch_formats:
        json: ['application/merge-patch+json']
    show_webby: false
    swagger:
        api_keys:
            apiKey:
                name: Authorization
                type: header
        versions: [3]
        swagger_ui_extra_configuration:
            persistAuthorization: true,

composer.json now shows "api-platform/core": "2.7.x-dev", but composer recipes api-platform/core still indicates that api-platform 2.5 is being used. I’ve tried using both PHP7.4 and PHP8. composer depends api-platform/core shows 2.7.x-dev, and I now swagger_ui_extra_configuration exists in the source code which is good, but still tokens are not being persisted.

[michael@devserver api_platform_test]$ composer recipes api-platform/core
name             : api-platform/core
version          : 2.5
status           : up to date
installed recipe : https://github.com/symfony/recipes/tree/7df6db4/api-platform/core/2.5
files            :

├──config
│  ├──packages
│  │  └──api_platform.yaml
│  └──routes
│     └──api_platform.yaml
└──src
   └──Entity
      └──.gitignore
[michael@devserver api_platform_test]$ composer show --tree api-platform/core
api-platform/core dev-main Build a fully-featured hypermedia or GraphQL API in minutes!
├──doctrine/inflector ^1.0 || ^2.0
│  └──php ^7.2 || ^8.0
├──fig/link-util ^1.0
│  ├──php >=8.0.0
│  └──psr/link ^1.1.0 | ^2.0.0
│     └──php >=8.0.0
├──php >=7.1
├──psr/cache ^1.0
│  └──php >=5.3.0
├──psr/container ^1.0
│  └──php >=7.2.0
├──symfony/http-foundation ^4.4 || ^5.1
│  ├──php >=7.2.5
│  ├──symfony/deprecation-contracts ^2.1
│  │  └──php >=7.1
│  ├──symfony/polyfill-mbstring ~1.1
│  │  └──php >=7.1
│  └──symfony/polyfill-php80 ^1.15
│     └──php >=7.1
├──symfony/http-kernel ^4.4 || ^5.1
│  ├──php >=7.2.5
│  ├──psr/log ~1.0
│  │  └──php >=5.3.0
│  ├──symfony/deprecation-contracts ^2.1
│  │  └──php >=7.1
│  ├──symfony/error-handler ^4.4|^5.0
│  │  ├──php >=7.2.5
│  │  ├──psr/log ^1.0
│  │  │  └──php >=5.3.0
│  │  ├──symfony/polyfill-php80 ^1.15
│  │  │  └──php >=7.1
│  │  └──symfony/var-dumper ^4.4|^5.0
│  │     ├──php >=7.2.5
│  │     ├──symfony/polyfill-mbstring ~1.0
│  │     │  └──php >=7.1
│  │     └──symfony/polyfill-php80 ^1.15
│  │        └──php >=7.1
│  ├──symfony/event-dispatcher ^5.0
│  │  ├──php >=7.2.5
│  │  ├──symfony/deprecation-contracts ^2.1
│  │  │  └──php >=7.1
│  │  ├──symfony/event-dispatcher-contracts ^2
│  │  │  ├──php >=7.2.5
│  │  │  └──psr/event-dispatcher ^1
│  │  │     └──php >=7.2.0
│  │  └──symfony/polyfill-php80 ^1.15
│  │     └──php >=7.1
│  ├──symfony/http-client-contracts ^1.1|^2
│  │  └──php >=7.2.5
│  ├──symfony/http-foundation ^4.4|^5.0
│  │  ├──php >=7.2.5
│  │  ├──symfony/deprecation-contracts ^2.1
│  │  │  └──php >=7.1
│  │  ├──symfony/polyfill-mbstring ~1.1
│  │  │  └──php >=7.1
│  │  └──symfony/polyfill-php80 ^1.15
│  │     └──php >=7.1
│  ├──symfony/polyfill-ctype ^1.8
│  ├──symfony/polyfill-php73 ^1.9
│  │  └──php >=7.1
│  └──symfony/polyfill-php80 ^1.15
│     └──php >=7.1
├──symfony/property-access ^3.4.19 || ^4.4 || ^5.1
│  ├──php >=7.2.5
│  ├──symfony/deprecation-contracts ^2.1
│  │  └──php >=7.1
│  ├──symfony/polyfill-php80 ^1.15
│  │  └──php >=7.1
│  └──symfony/property-info ^5.2
│     ├──php >=7.2.5
│     ├──symfony/deprecation-contracts ^2.1
│     │  └──php >=7.1
│     ├──symfony/polyfill-php80 ^1.15
│     │  └──php >=7.1
│     └──symfony/string ^5.1
│        ├──php >=7.2.5
│        ├──symfony/polyfill-ctype ~1.8
│        ├──symfony/polyfill-intl-grapheme ~1.0
│        │  └──php >=7.1
│        ├──symfony/polyfill-intl-normalizer ~1.0
│        │  └──php >=7.1
│        ├──symfony/polyfill-mbstring ~1.0
│        │  └──php >=7.1
│        └──symfony/polyfill-php80 ~1.15
│           └──php >=7.1
├──symfony/property-info ^3.4 || ^4.4 || ^5.2.1
│  ├──php >=7.2.5
│  ├──symfony/deprecation-contracts ^2.1
│  │  └──php >=7.1
│  ├──symfony/polyfill-php80 ^1.15
│  │  └──php >=7.1
│  └──symfony/string ^5.1
│     ├──php >=7.2.5
│     ├──symfony/polyfill-ctype ~1.8
│     ├──symfony/polyfill-intl-grapheme ~1.0
│     │  └──php >=7.1
│     ├──symfony/polyfill-intl-normalizer ~1.0
│     │  └──php >=7.1
│     ├──symfony/polyfill-mbstring ~1.0
│     │  └──php >=7.1
│     └──symfony/polyfill-php80 ~1.15
│        └──php >=7.1
├──symfony/serializer ^4.4 || ^5.1
│  ├──php >=7.2.5
│  ├──symfony/polyfill-ctype ~1.8
│  └──symfony/polyfill-php80 ^1.15
│     └──php >=7.1
├──symfony/web-link ^4.4 || ^5.1
│  ├──php >=7.2.5
│  └──psr/link ^1.0
│     └──php >=8.0.0
└──willdurand/negotiation ^2.0.3 || ^3.0
   └──php >=7.1.0
[michael@devserver api_platform_test]$ php80 /usr/local/bin/composer show --tree api-platform/core
api-platform/core dev-main Build a fully-featured hypermedia or GraphQL API in minutes!
├──doctrine/inflector ^1.0 || ^2.0
│  └──php ^7.2 || ^8.0
├──fig/link-util ^1.0
│  ├──php >=8.0.0
│  └──psr/link ^1.1.0 | ^2.0.0
│     └──php >=8.0.0
├──php >=7.1
├──psr/cache ^1.0
│  └──php >=5.3.0
├──psr/container ^1.0
│  └──php >=7.2.0
├──symfony/http-foundation ^4.4 || ^5.1
│  ├──php >=7.2.5
│  ├──symfony/deprecation-contracts ^2.1
│  │  └──php >=7.1
│  ├──symfony/polyfill-mbstring ~1.1
│  │  └──php >=7.1
│  └──symfony/polyfill-php80 ^1.15
│     └──php >=7.1
├──symfony/http-kernel ^4.4 || ^5.1
│  ├──php >=7.2.5
│  ├──psr/log ~1.0
│  │  └──php >=5.3.0
│  ├──symfony/deprecation-contracts ^2.1
│  │  └──php >=7.1
│  ├──symfony/error-handler ^4.4|^5.0
│  │  ├──php >=7.2.5
│  │  ├──psr/log ^1.0
│  │  │  └──php >=5.3.0
│  │  ├──symfony/polyfill-php80 ^1.15
│  │  │  └──php >=7.1
│  │  └──symfony/var-dumper ^4.4|^5.0
│  │     ├──php >=7.2.5
│  │     ├──symfony/polyfill-mbstring ~1.0
│  │     │  └──php >=7.1
│  │     └──symfony/polyfill-php80 ^1.15
│  │        └──php >=7.1
│  ├──symfony/event-dispatcher ^5.0
│  │  ├──php >=7.2.5
│  │  ├──symfony/deprecation-contracts ^2.1
│  │  │  └──php >=7.1
│  │  ├──symfony/event-dispatcher-contracts ^2
│  │  │  ├──php >=7.2.5
│  │  │  └──psr/event-dispatcher ^1
│  │  │     └──php >=7.2.0
│  │  └──symfony/polyfill-php80 ^1.15
│  │     └──php >=7.1
│  ├──symfony/http-client-contracts ^1.1|^2
│  │  └──php >=7.2.5
│  ├──symfony/http-foundation ^4.4|^5.0
│  │  ├──php >=7.2.5
│  │  ├──symfony/deprecation-contracts ^2.1
│  │  │  └──php >=7.1
│  │  ├──symfony/polyfill-mbstring ~1.1
│  │  │  └──php >=7.1
│  │  └──symfony/polyfill-php80 ^1.15
│  │     └──php >=7.1
│  ├──symfony/polyfill-ctype ^1.8
│  ├──symfony/polyfill-php73 ^1.9
│  │  └──php >=7.1
│  └──symfony/polyfill-php80 ^1.15
│     └──php >=7.1
├──symfony/property-access ^3.4.19 || ^4.4 || ^5.1
│  ├──php >=7.2.5
│  ├──symfony/deprecation-contracts ^2.1
│  │  └──php >=7.1
│  ├──symfony/polyfill-php80 ^1.15
│  │  └──php >=7.1
│  └──symfony/property-info ^5.2
│     ├──php >=7.2.5
│     ├──symfony/deprecation-contracts ^2.1
│     │  └──php >=7.1
│     ├──symfony/polyfill-php80 ^1.15
│     │  └──php >=7.1
│     └──symfony/string ^5.1
│        ├──php >=7.2.5
│        ├──symfony/polyfill-ctype ~1.8
│        ├──symfony/polyfill-intl-grapheme ~1.0
│        │  └──php >=7.1
│        ├──symfony/polyfill-intl-normalizer ~1.0
│        │  └──php >=7.1
│        ├──symfony/polyfill-mbstring ~1.0
│        │  └──php >=7.1
│        └──symfony/polyfill-php80 ~1.15
│           └──php >=7.1
├──symfony/property-info ^3.4 || ^4.4 || ^5.2.1
│  ├──php >=7.2.5
│  ├──symfony/deprecation-contracts ^2.1
│  │  └──php >=7.1
│  ├──symfony/polyfill-php80 ^1.15
│  │  └──php >=7.1
│  └──symfony/string ^5.1
│     ├──php >=7.2.5
│     ├──symfony/polyfill-ctype ~1.8
│     ├──symfony/polyfill-intl-grapheme ~1.0
│     │  └──php >=7.1
│     ├──symfony/polyfill-intl-normalizer ~1.0
│     │  └──php >=7.1
│     ├──symfony/polyfill-mbstring ~1.0
│     │  └──php >=7.1
│     └──symfony/polyfill-php80 ~1.15
│        └──php >=7.1
├──symfony/serializer ^4.4 || ^5.1
│  ├──php >=7.2.5
│  ├──symfony/polyfill-ctype ~1.8
│  └──symfony/polyfill-php80 ^1.15
│     └──php >=7.1
├──symfony/web-link ^4.4 || ^5.1
│  ├──php >=7.2.5
│  └──psr/link ^1.0
│     └──php >=8.0.0
└──willdurand/negotiation ^2.0.3 || ^3.0
   └──php >=7.1.0
[michael@devserver api_platform_test]$ php80 /usr/local/bin/composer recipes api-platform/core
name             : api-platform/core
version          : 2.5
status           : up to date
installed recipe : https://github.com/symfony/recipes/tree/7df6db4/api-platform/core/2.5
files            :

├──config
│  ├──packages
│  │  └──api_platform.yaml
│  └──routes
│     └──api_platform.yaml
└──src
   └──Entity
      └──.gitignore
[michael@devserver api_platform_test]$

2

Answers


  1. You can for now use the dev version

    composer require "api-platform/core:2.7.x-dev"
    

    And then use the swagger_ui_extra_configuration which was added as a part of below pull request

    https://github.com/api-platform/core/pull/3731

    Login or Signup to reply.
  2. you can update your config like this to persist the jwt token during reload:

    #api/config/packages/api_platform.yaml

    api_platform:
        swagger:
            api_keys:
                JWT:
                    name: Authorization
                    type: header
            swagger_ui_extra_configuration:
                persistAuthorization: true
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search