Search code examples
node.jsswagger-uiopenapi

How to send more than one cookie in header using Swagger UI?

I'm documenting and API written in Node, using OpenAPI and Swagger UI. The API uses authentication by API keys in cache. I have configured global cookie authentication in my OpenAPI definition. The problem is that it only sends one cookie with the petitions, and I need to send three. When I send the request using Swagger UI, the cookie header is sent using the following format: "cookie1=value; cookie2=value".

I tried to create three global security schemes, one for each cookie I need to send, and I managed to do it, but Swagger UI sends the cookie header using the following format: "cookie1=value&cookie2=value" and it returns an authentication error even with the proper values.

This is the configuration in my swagger.json:

...
"components": {
  "securitySchemes": {
    "cookieAuth": {
      "name": "user",
      "type": "apiKey",
      "in": "cookie"
    }
  }
},
"security": [
  {
    "cookieAuth": []
  }
],
...

And this is the second approach I tried:

...
"components": {
  "securitySchemes": {
    "user": {
      "name": "user",
      "type": "apiKey",
      "in": "cookie"
    },
    "password": {
      "name": "user",
      "type": "apiKey",
      "in": "cookie"
    },
    "hashFunc": {
      "name": "user",
      "type": "apiKey",
      "in": "cookie"
    }
  }
},
"security": [
  {
    "user": [],
    "password": [],
    "hashFunc": []
  }
],
...

What I really need is to know how to configure this so that Swagger UI will interpret it in the same format as the browser.

Solution

  • Finally we managed this issue as follows:

    Login endpoint needs to be user as first, with valid values, that are stored as cookies, and then they can test any of the remaining endpoints, that will use the stored cookies. The logout will clear the stored cookies.

    This is how swagger configuration was in the end:

    /**
 *  @swagger
 *  definitions:
 *    loginObj:
 *      type: object
 *      properties:
 *        user: string
 *        password: string
 *        hashFunction: string
 */

/**
 *  @swagger
 *  /login:
 *    post:
 *        summary: Requests for authentication for a given user and password
 *        requestBody:
 *          required: true
 *          content:
 *            'application/json':
 *              schema:
 *                $ref: '#/definitions/loginObj'
 *              example:
 *                user: user
 *                password: password
 *                hashFunction: plain/sha256
 *        responses:
 *          "200":
 *            description: >
 *              Returns success response with a data value as true.
 *              The login information cookie is returned to the cookie header. You need to include this cookie in subsequent requests.
 *            headers:
 *              Set-Cookie:
 *                schema:
 *                  type: string
 *                  example: user=user; password=12345; hashFunction=sha256
 *          "500":
 *            description: Returns standard error with an `errorMsg` on failure.
 */