I'm using Node.js LoopBack 4 to build an API project and using a JWT token for the authentication component. But when I explore the built-in Swagger of LoopBack (localhost:3000/explorer by default) and then navigate to one of my API URLs, there is no input place for the JWT Bearer Token. How can I configure it so that Swagger displays a JWT token input (just like it displays param query, request body input...)? Thanks in advance
Hello from the LoopBack team 👋
Authentication in general, and token-based authentication in particular, is something we are currently working on.
The problem of enabling token input from API Explorer has been discussed in loopback-next#2210. swagger-ui, the module powering our REST API explorer, does support token-based authentication. It requires the OpenAPI spec document describing the application's API to also describe the authentication (security) schema used by the app.
So essentially, either the framework or the application needs to modify the OpenAPI spec to include OpenAPI's SecuritySchemeObject.
First, the security strategy must be defined in securityDefinitions section that's shared by all endpoints:

    securityDefinitions:
      petstore_auth:
        type: "oauth2"
        authorizationUrl: "http://petstore.swagger.io/oauth/dialog"
        flow: "implicit"
        scopes:
          write:pets: "modify pets in your account"
          read:pets: "read your pets"
      api_key:
        type: "apiKey"
        name: "api_key"
        in: "header"

The example above uses "oauth2" type. For JWT, you need to use "apiKey" type.
With the security type defined, you can reference it from endpoint definitions:

    security:
      - petstore_auth:
        - "write:pets"
        - "read:pets"

The following GitHub issue is keeping track of the work needed to enable token based authentication in our REST API Explorer: loopback-next#2027. Feel free to subscribe to notifications or join the discussion there.
You may be interested in the following pull request too; it is adding support for JWT authentication to our Shopping example app: loopback4-example-shopping#26
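
As an added example (not code from the LoopBack project or from the answer above), the following Node.js code applies the approach the answer describes to a spec object in the securityDefinitions layout shown there: it declares an "apiKey" scheme for the JWT header, attaches it to every operation that has no security requirement yet, and lists the operations that remain unprotected. The scheme name `jwt`, the `Authorization` header name, the function names and the sample spec are assumptions constructed for this example.

```javascript
const METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch'];

// Yield ["METHOD /path", operationObject] for every operation in the spec.
function* operations(spec) {
  for (const [path, item] of Object.entries(spec.paths || {})) {
    for (const method of METHODS) {
      if (item[method]) yield [`${method.toUpperCase()} ${path}`, item[method]];
    }
  }
}

// Return a copy of `spec` with an apiKey scheme for the JWT header and a
// security requirement on each operation that declares none, except the
// operations named in `publicOps` (hypothetical "METHOD /path" keys).
function addJwtSecurity(spec, publicOps = [], schemeName = 'jwt') {
  const out = JSON.parse(JSON.stringify(spec)); // deep copy; input untouched
  out.securityDefinitions = {
    ...out.securityDefinitions,
    [schemeName]: {type: 'apiKey', name: 'Authorization', in: 'header'},
  };
  for (const [key, op] of operations(out)) {
    if (op.security === undefined && !publicOps.includes(key)) {
      op.security = [{[schemeName]: []}];
    }
  }
  return out;
}

// List operations with no effective security requirement. An operation-level
// `security` overrides the top-level one, and an empty array means "no auth".
function unprotectedOperations(spec) {
  const found = [];
  for (const [key, op] of operations(spec)) {
    const effective = op.security !== undefined ? op.security : spec.security;
    if (!effective || effective.length === 0) found.push(key);
  }
  return found;
}

// Constructed sample spec: a login endpoint plus two endpoints that need a token.
const sampleSpec = {
  swagger: '2.0',
  paths: {
    '/users/login': {post: {responses: {}}},
    '/orders': {get: {responses: {}}, post: {responses: {}}},
  },
};
console.log(unprotectedOperations(addJwtSecurity(sampleSpec, ['POST /users/login'])));
```

With an "apiKey" scheme, the value typed into the explorer's authorization input is sent as the header value verbatim, so it has to include the `Bearer ` prefix if the server expects one.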