[BUG] SecurityScheme(name="auth_apiKey) #270

Open
bekishev04 opened this issue Nov 4, 2022 · 3 comments

@bekishev04

I don't know if this is a bug of spec_tree or openapi.

I use SecurityScheme like here https://github.com/0b01001001/spectree/blob/master/tests/common.py#L84. But when I use this scheme and register the token in the documentation (/apidoc/swagger), the token is not in the headers. I don't see it anywhere.

Code example

```python
from collections import OrderedDict

from flask import Flask
from flask_cors import CORS
from pydantic import EmailStr
from spectree import SpecTree
from spectree.config import Contact
from spectree.models import (
    Server,
    SecurityScheme,
    SecuritySchemeData,
    SecureType,
)

from ..config import cfg
from ..database import db, migrate


spec_tree = SpecTree(
    "flask",
    mode="strict",
    title="Docs AuthService API",
    version=cfg.API_VERSION,
    annotations=True,
    contact=Contact(
        name="Бекишев Матвей",
        email=EmailStr("[email protected]"),
    ),
    servers=[
        Server(
            url="http://127.0.0.1:5555/",
            description="Local Server",
        ),
    ],
    security_schemes=[
        SecurityScheme(
            # todo: library bug
            name="auth_apiKey",
            data={"type": "apiKey", "name": "Authorization", "in": "header"},
        ),
        # SecurityScheme(
        #     name="ApiKey",
        #     data=SecuritySchemeData(
        #         type=SecureType.HTTP,
        #         description="Access Token in AuthService API",
        #         scheme="bearer",
        #         bearerFormat="UUID",
        #     ),
        # ),
    ],
    security=dict(
        ApiKey=[],
    ),
)
```

@kemingy
Member

kemingy commented Nov 6, 2022

I'm using the examples/security_demo.py.

You can log in through the swagger frontend at http://localhost:8000/apidoc/swagger/#/default/post__ping and print the header in the /ping.

It should work. Let me know if you have any trouble.

This is what I got:

```
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:8000/apidoc/swagger/
Authorization: Bearer xxx
Content-Type: application/json
Content-Length: 22
Origin: http://localhost:8000
Dnt: 1
Connection: keep-alive
Cookie: username-localhost-8888="2|1:0|10:1666666042|23:username-localhost-8888|44:MTM4NzkxZTUyY2JhNDJiOGE3ZDg3NWFiNjBiM2RlMjM=|b57b7f546745531bc5b4ac75da440be99c2ad345cff729ea90440216efd9a320"; _xsrf=2|02b02586|d92ca8e29efa72bfc7e3c02bccfd6a1f|1660811169
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Sec-Gpc: 1
```

You can see the Authorization: Bearer xxx.

@bekishev04
Author

If I use a Bearer token I don't have the problem. I see it in the headers. But I try to use

```python
SecurityScheme(
    # todo: library bug
    name="auth_apiKey",
    data={"type": "apiKey", "name": "Authorization", "in": "header"},
),
```

And I don't see that in the header.

@kemingy
Member

kemingy commented Nov 9, 2022

Still cannot reproduce with the examples/security_demo.py.

```
Host: localhost:8000
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: http://localhost:8000/apidoc/swagger/
Partner-Id: pid
Partner-Access-Token: ptoken
Content-Type: application/json
Content-Length: 22
Origin: http://localhost:8000
Dnt: 1
Connection: keep-alive
Cookie: username-localhost-8888="2|1:0|10:1667745583|23:username-localhost-8888|44:N2I1ZTI5MzIzNzE5NGU0OGFmYzMzNjhkNDFkMTY5MjA=|015080c328fdbb0380d3830b1df55e6270984fd6b1db87b5be559ddd8c3bd269"; _xsrf=2|02b02586|d92ca8e29efa72bfc7e3c02bccfd6a1f|1660811169
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Sec-Gpc: 1
```

I can get the Partner-Id and Partner-Access-Token (type=apiKey).
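
Added example, not part of the thread and not spectree's own code: a lint over a generated OpenAPI document that reports `security` requirements naming a scheme absent from `components.securitySchemes`, as in the first post's configuration, where the scheme is declared as `auth_apiKey` while `security` lists `ApiKey`. The function name and the sample document (including the `/admin` path) are constructed for illustration, and the shape of the generated document is an assumption.

```python
# Added example: lint an OpenAPI 3 document (plain dict) for security
# requirements that name a scheme missing from components.securitySchemes.

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def undeclared_security_refs(spec):
    """Return sorted (location, scheme_name) pairs that reference undeclared schemes."""
    declared = set(spec.get("components", {}).get("securitySchemes", {}))
    problems = set()

    def check(location, requirements):
        # Each requirement is a dict {scheme_name: [scopes]}; {} means "no auth".
        for requirement in requirements or []:
            for name in requirement:
                if name not in declared:
                    problems.add((location, name))

    check("global", spec.get("security"))
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method in HTTP_METHODS and isinstance(operation, dict):
                check(f"{method.upper()} {path}", operation.get("security"))
    return sorted(problems)


# Constructed document mirroring the reported configuration: the scheme is
# declared as "auth_apiKey" but the global requirement names "ApiKey".
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "components": {
        "securitySchemes": {
            "auth_apiKey": {"type": "apiKey", "name": "Authorization", "in": "header"},
        }
    },
    "security": [{"ApiKey": []}],
    "paths": {
        "/ping": {"post": {"responses": {"200": {"description": "ok"}}}},
        "/admin": {"get": {"security": [{"auth_apiKey": []}], "responses": {}}},
    },
}

if __name__ == "__main__":
    for location, name in undeclared_security_refs(SAMPLE_SPEC):
        print(f"{location}: security requirement '{name}' has no matching scheme")
```
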
