Unable to import openapi 3 spec with bearer auth

1

I'm unable to import my openapi spec which has bearer auth configured. I get the following error:
Your API was not imported due to errors in the Swagger file.
Unsupported security definition type 'http' for 'bearerAuth'. Ignoring.

This error can be reproduced with a trivial example openapi spec shown below:

openapi: '3.0.0'
info:
  version: '1.0.0'
  title: 'Test AWS API Gateway'

servers:
  - url: https://example.mydomain.com/v1
paths:
  /test:
    get:
      summary: Returns test data
      operationId: getTestData
      responses:
        '200':
          description: Returns test data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/testresponse'
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      
  schemas:
    testresponse:
      type: object
      properties:
        test:
          type: string
          example: 'test1'
security:
  - bearerAuth: []

Is type http not supported in AWS API Gateway?
The bearerAuth definition is taken from the openapi docs: https://swagger.io/docs/specification/authentication/bearer-authentication/

What's wrong with the spec I posted above and how do I make the import work? (I do NOT want to ignore errors as I want the auth to work)

2 Answers
2

You have to use: type: apiKey

While the more specification-compliant http is accepted by the OpenAPI spec validator, it simply doesn't work. API Gateway only supports apiKey in this context.

You can leave the other options there, they don't seem to do any harm. But you should also specify the name of the Authorization header.

Example that will also create the authorizer for you:

  securitySchemes:
    bearerAuth:
      type: apiKey
      scheme: bearer
      bearerFormat: JWT
      name: Authorization
      in: header
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: token
        authorizerCredentials: ${authorizerCredentials}
        authorizerUri: ${authorizerUri}
answered 4 years ago
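
An added example (not from the thread or from AWS): a pre-import check in Python that applies the rewrite from the answer above to a parsed spec and lists every `security` requirement whose scheme has no `x-amazon-apigateway-authorizer`. The function names and the reduced sample spec are constructed here, and treating the authorizer extension as the marker of an enforced scheme is an assumption of this check.

```python
import copy

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}

def _schemes(spec):
    return spec.get("components", {}).get("securitySchemes", {})

def http_bearer_schemes(spec):
    """Names of schemes declared as `type: http` + `scheme: bearer`."""
    return sorted(n for n, s in _schemes(spec).items()
                  if s.get("type") == "http" and str(s.get("scheme", "")).lower() == "bearer")

def rewrite_for_api_gateway(spec, authorizer_uri, authorizer_credentials):
    """Copy of spec with http/bearer schemes in the apiKey form from the answer."""
    out = copy.deepcopy(spec)
    for name in http_bearer_schemes(out):
        _schemes(out)[name].update({
            "type": "apiKey", "name": "Authorization", "in": "header",
            "x-amazon-apigateway-authtype": "custom",
            "x-amazon-apigateway-authorizer": {
                "type": "token",
                "authorizerUri": authorizer_uri,
                "authorizerCredentials": authorizer_credentials,
            },
        })
    return out

def requirements_without_authorizer(spec):
    """Scheme names referenced under `security` (global or per operation)
    that are not defined with an x-amazon-apigateway-authorizer."""
    reqs = list(spec.get("security", []))
    for item in spec.get("paths", {}).values():
        for method, op in item.items():
            if method in HTTP_METHODS:
                reqs += op.get("security", [])
    used = {name for req in reqs for name in req}
    return sorted(n for n in used
                  if "x-amazon-apigateway-authorizer" not in _schemes(spec).get(n, {}))

# Constructed sample: the question's spec reduced to the relevant keys.
SPEC = {
    "openapi": "3.0.0",
    "paths": {"/test": {"get": {"operationId": "getTestData", "responses": {}}}},
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}}},
    "security": [{"bearerAuth": []}],
}
# The ${...} placeholders are the ones used in the answer, left unresolved.
FIXED = rewrite_for_api_gateway(SPEC, "${authorizerUri}", "${authorizerCredentials}")
```

Running `requirements_without_authorizer` as a gate before import fails the build on a scheme the importer would otherwise ignore, instead of relying on someone reading the import warning.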
1

Bumping this.

Just spent a good 3 hours on solving this. Like the answer suggests, apiKey indeed does work.

But how the hell is API-Gateway OpenAPI 3.^ compliant if it does not support basic open API securitySchemes?

On top of this, AWS API-Gateway supports both Request and Token based authentication. How am I supposed to achieve request auth programmatically without this construct present?

  securitySchemes:
    LambdaAuth:
      type: apiKey
      bearerFormat: JWT
      name: Authorization
      in: header
      scheme: bearer
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: request
        identitySource : method.request.header.Authorization
        authorizerUri: !Sub  "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/${lambdaARN}/invocations"

If I use request here, the whole thing keeps failing coz I cannot have the basic construct.

answered 4 years ago
  • That's the neat part @anirudhr, it isn't, and never has been for some reason. Frustratingly so
