Security type http, scheme bearer, bearerFormat JWT detected as basic?

oas3
(Jprevost) #1

I believe this syntax should work according to the OAS3 spec, but is detected as basic auth in Stoplight.

 "components": {
   "securitySchemes": {
     "jwtAuth": {
       "type": "http",
       "scheme": "bearer",
       "bearerFormat": "JWT"
     }
   },
(Jprevost) #2

Reference to where I got the syntax from:
https://swagger.io/docs/specification/authentication/bearer-authentication/

(Taylor Barnett) #3

Yup! That looks like it is a bug. I’m opening up something internally for it right now.

1 Like
(Brian) #4

Is there any followup on this bug? I am still running into this issue.

(Jason Judge) #5

Having the same problem here. Without auth supported (we need Bearer token support), this is a blocker on a current project. Were there any updates?

Using this in the spec:

"securitySchemes": {
  "bearerAuth": {
    "type": "http",
    "scheme": "bearer",
    "bearerFormat": "api_token"
  }
}

Getting this in the request:

Headers:
Authorization: Basic eyQkLmVudi...snip...=

Should be:

Headers:
Authorization: Bearer eyQkLmVudi...snip...
(Taylor Barnett) #6

Hey @jason.judge! We’re going to try to work this into the next sprint in June. Hopefully we can fix that up.