Unable to import openapi 3 spec with bearer auth

1

I'm unable to import my openapi spec which has bearer auth configured. I get the following error:
Your API was not imported due to errors in the Swagger file.
Unsupported security definition type 'http' for 'bearerAuth'. Ignoring.

This error can be reproduced with a trivial example openapi spec shown below:

openapi: '3.0.0'
info:
  version: '1.0.0'
  title: 'Test AWS API Gateway'

servers:
  - url: https://example.mydomain.com/v1
paths:
  /test:
    get:
      summary: Returns test data
      operationId: getTestData
      responses:
        '200':
          description: Returns test data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/testresponse'
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      
  schemas:
    testresponse:
      type: object
      properties:
        test:
          type: string
          example: 'test1'
security:
  - bearerAuth: []

Is type http not supported in AWS API Gateway?
The bearerAuth definition is taken from the openapi docs: https://swagger.io/docs/specification/authentication/bearer-authentication/

What's wrong with the spec I posted above and how do I make the import work? (I do NOT want to ignore errors as I want the auth to work)

2 Answers
2

You have to use: type: apiKey

While the more specification-compliant http is accepted by the OpenAPI spec validator, it simply doesn't work. API Gateway only supports apiKey in this context.

You can leave the other options there, they don't seem to do any harm. But you should also specify the name of the Authorization header.

Example that will also create the authorizer for you:

  securitySchemes:
    bearerAuth:
      type: apiKey
      scheme: bearer
      bearerFormat: JWT
      name: Authorization
      in: header
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: token
        authorizerCredentials: ${authorizerCredentials}
        authorizerUri: ${authorizerUri}
answered 4 years ago
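
An added example, not part of the answer above or of any AWS tooling: a pre-import check that rewrites `http`/`bearer` schemes into the `apiKey` form the answer describes and lists operations that would otherwise be left without a scheme API Gateway accepts. The function names are hypothetical, the spec is a constructed dict version of the question's YAML, and the rule that only `apiKey` schemes count is taken from the answer.

```python
import copy

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

# Constructed sample: the question's spec as a dict, reduced to the relevant keys.
SPEC = {
    "openapi": "3.0.0",
    "paths": {"/test": {"get": {"operationId": "getTestData"}}},
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}}},
    "security": [{"bearerAuth": []}],
}

def rewrite_bearer_schemes(spec, authorizer_uri, authorizer_credentials):
    """Return (copy of spec with http/bearer schemes rewritten, names rewritten)."""
    out = copy.deepcopy(spec)
    rewritten = []
    for name, scheme in out.get("components", {}).get("securitySchemes", {}).items():
        if scheme.get("type") == "http" and str(scheme.get("scheme", "")).lower() == "bearer":
            scheme.update({
                "type": "apiKey", "name": "Authorization", "in": "header",
                "x-amazon-apigateway-authtype": "custom",
                "x-amazon-apigateway-authorizer": {
                    "type": "token",
                    "authorizerUri": authorizer_uri,
                    "authorizerCredentials": authorizer_credentials,
                },
            })
            rewritten.append(name)
    return out, rewritten

def unprotected_operations(spec):
    """List 'METHOD path' whose effective security names no apiKey-type scheme."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    usable = {n for n, s in schemes.items() if s.get("type") == "apiKey"}
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # Operation-level security overrides the top-level default.
            reqs = op.get("security", spec.get("security", []))
            # Conservative: every alternative must name a usable scheme.
            if not reqs or not all(usable & set(alt) for alt in reqs):
                findings.append(f"{method.upper()} {path}")
    return findings

if __name__ == "__main__":
    fixed, names = rewrite_bearer_schemes(SPEC, "${authorizerUri}", "${authorizerCredentials}")
    print("before:", unprotected_operations(SPEC))
    print("rewritten:", names, "after:", unprotected_operations(fixed))
```

Running the check in CI before the import makes a dropped security definition fail the build rather than producing an API whose methods were imported without the intended authorizer.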
1

Bumping this.

Just spent a good 3 hours on solving this. Like the answer suggests, apiKey indeed does work.

But how the hell is API-Gateway OpenAPI 3.^ compliant if it does not support basic open API securitySchemes?

On top of this, AWS API-Gateway supports both Request and Token based authentication. How am I supposed to achieve request auth programmatically without this construct present?

  securitySchemes:
    LambdaAuth:
      type: apiKey
      bearerFormat: JWT
      name: Authorization
      in: header
      scheme: bearer
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: request
        identitySource : method.request.header.Authorization
        authorizerUri: !Sub  "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/${lambdaARN}/invocations"

If I use request here, the whole thing keeps failing coz I cannot have the basic construct.

answered 4 years ago
  • That's the neat part @anirudhr, it isn't, and never has been for some reason. Frustratingly so
