Unable to import openapi 3 spec with bearer auth

1

I'm unable to import my openapi spec which has bearer auth configured. I get the following error:
Your API was not imported due to errors in the Swagger file.
Unsupported security definition type 'http' for 'bearerAuth'. Ignoring.

This error can be reproduced with a trivial example openapi spec shown below:

openapi: '3.0.0'
info:
  version: '1.0.0'
  title: 'Test AWS API Gateway'

servers:
  - url: https://example.mydomain.com/v1
paths:
  /test:
    get:
      summary: Returns test data
      operationId: getTestData
      responses:
        '200':
          description: Returns test data
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/testresponse'
components:
  securitySchemes:
    bearerAuth:
      type: http
      scheme: bearer
      bearerFormat: JWT
      
  schemas:
    testresponse:
      type: object
      properties:
        test:
          type: string
          example: 'test1'
security:
  - bearerAuth: []

Is type http not supported in AWS API Gateway?
The bearerAuth definition is taken from the openapi docs: https://swagger.io/docs/specification/authentication/bearer-authentication/

Whats wrong with the spec I posted above and how do I make the import work? (I do NOT want to ignore errors as I want the auth to work)

已提問 5 年前檢視次數 3324 次
2 個答案
2

You have to use: type: apiKey

While the more specifcation-compliant http is accepted by the OpenAPI spec validator, it simply doesn't work. API Gateway only supports apiKey in this context.

You can leave the other options there, they don't seem to do any harm. But you should also specify the name of the Authorization header.

Example that will also create the authorizer for you:

  securitySchemes:
    bearerAuth:
      type: apiKey
      scheme: bearer
      bearerFormat: JWT
      name: Authorization
      in: header
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: token
        authorizerCredentials: ${authorizerCredentials}
        authorizerUri: ${authorizerUri}
已回答 4 年前
1

Bumping this.

Just spent a good 3 hours on solving this. Like the answer suggests, apiKey indeed does work.

But how the hell is API-Gateway OpenAPI 3.^ compliant if it does not support basic open API securiySchemes?

On top of this, AWS API-Gateway supports both Request and Token based authentication. How am I supposed to achieve request auth programmatically without this construct present?

  securitySchemes:
    LambdaAuth:
      type: apiKey
      bearerFormat: JWT
      name: Authorization
      in: header
      scheme: bearer
      x-amazon-apigateway-authtype: custom
      x-amazon-apigateway-authorizer:
        type: request
        identitySource : method.request.header.Authorization
        authorizerUri: !Sub  "arn:aws:apigateway:${AWS::Region}:lambda:path/2015-03-31/${lambdaARN}/invocations"

If I use request here, the whole thing keep failing coz I cannot have the basic construct.

已回答 4 年前
  • That's the neat part @anirudhr, it isn't, and never has been for some reason. Frustratingly so

您尚未登入。 登入 去張貼答案。

一個好的回答可以清楚地回答問題並提供建設性的意見回饋,同時有助於提問者的專業成長。

回答問題指南