Unable to import openapi 3 spec with bearer auth

1

I'm unable to import my openapi spec which has bearer auth configured. I get the following error:
Your API was not imported due to errors in the Swagger file.
Unsupported security definition type 'http' for 'bearerAuth'. Ignoring.

This error can be reproduced with a trivial example openapi spec shown below:

openapi: '3.0.0'
info:
  version: '1.0.0'
  title: 'Test AWS API Gateway'

servers:
  - url: https://example.mydomain.com/v1
paths:
  /test:
    get:
      summary: Returns test data
      operationId: getTestData
      responses:
        '200':
          description: Returns test data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/testresponse'
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      
  schemas:
    testresponse:
      type: object
      properties:
        test:
          type: string
          example: 'test1'
security:
  - bearerAuth: []

Is type http not supported in AWS API Gateway?
The bearerAuth definition is taken from the openapi docs: https://swagger.io/docs/specification/authentication/bearer-authentication/

What's wrong with the spec I posted above and how do I make the import work? (I do NOT want to ignore errors as I want the auth to work)

Asked 5 years ago, viewed 3091 times
2 answers
2

You have to use: type: apiKey

While the more specification-compliant http is accepted by the OpenAPI spec validator, it simply doesn't work. API Gateway only supports apiKey in this context.

You can leave the other options there, they don't seem to do any harm. But you should also specify the name of the Authorization header.

Example that will also create the authorizer for you:

  securitySchemes:
    bearerAuth:
      type: apiKey
      scheme: bearer
      bearerFormat: JWT
      name: Authorization
      in: header
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: token
        authorizerCredentials: ${authorizerCredentials}
        authorizerUri: ${authorizerUri}
Answered 4 years ago
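
A pre-import check for the problem discussed above, as an added example that is not part of the original answers or of any AWS tooling: it flags `type: http` schemes that the import would ignore and rewrites bearer ones to the `apiKey` form from the answer above. The function names, the dict-based input and the `<AUTHORIZER_URI>` placeholder are assumptions.

```python
import copy

# Constructed input: the question's spec parsed into a dict and trimmed to the
# security-relevant parts. Function names below are hypothetical.
SPEC = {
    "openapi": "3.0.0",
    "components": {"securitySchemes": {
        "bearerAuth": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
    }},
    "security": [{"bearerAuth": []}],
}


def unsupported_schemes(spec):
    """Names of securitySchemes using type 'http', which the import ignores."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    return sorted(n for n, s in schemes.items() if s.get("type") == "http")


def convert_bearer_schemes(spec, authorizer_uri, authorizer_credentials=None):
    """Return (new_spec, converted, skipped) without modifying `spec`.

    Non-bearer http schemes (e.g. basic) are reported in `skipped`.
    """
    out = copy.deepcopy(spec)
    converted, skipped = [], []
    schemes = out.get("components", {}).get("securitySchemes", {})
    for name in unsupported_schemes(out):
        scheme = schemes[name]
        if str(scheme.get("scheme", "")).lower() != "bearer":
            skipped.append(name)  # left as-is for manual handling
            continue
        authorizer = {"type": "token", "authorizerUri": authorizer_uri}
        if authorizer_credentials:
            authorizer["authorizerCredentials"] = authorizer_credentials
        scheme.update({  # scheme/bearerFormat are kept, as in the answer
            "type": "apiKey",
            "name": "Authorization",
            "in": "header",
            "x-amazon-apigateway-authtype": "custom",
            "x-amazon-apigateway-authorizer": authorizer,
        })
        converted.append(name)
    return out, converted, skipped


if __name__ == "__main__":
    fixed, done, left = convert_bearer_schemes(SPEC, "<AUTHORIZER_URI>")
    print(done, left, unsupported_schemes(fixed))
```

Anything still returned by `unsupported_schemes` after conversion is a scheme the import would drop, so a build step can fail on a non-empty result instead of importing with errors ignored.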
1

Bumping this.

Just spent a good 3 hours on solving this. Like the answer suggests, apiKey indeed does work.

But how the hell is API-Gateway OpenAPI 3.^ compliant if it does not support basic open API securitySchemes?

On top of this, AWS API-Gateway supports both Request and Token based authentication. How am I supposed to achieve request auth programmatically without this construct present?

  securitySchemes:
    LambdaAuth:
      type: apiKey
      bearerFormat: JWT
      name: Authorization
      in: header
      scheme: bearer
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: request
        identitySource: method.request.header.Authorization
        authorizerUri: !Sub "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/${lambdaARN}/invocations"

If I use request here, the whole thing keeps failing coz I cannot have the basic construct.

Answered 4 years ago
