Authorization headers aren't specified in Swagger.json

[Aleksion]

Currently we're using the swagger generated by grpc-gateway to generate client sdk's. And it works splendidly until we add authorization to the mix. Since the outputted swagger doesn't contain information regarding headers or authorization, neither does the outputted SDK's.

That means they're essentially useless (at least it is in typescript), since the headers can't be added globally.

A example of what's needed in swagger can be found here:
http://stackoverflow.com/questions/32910065/how-can-i-represent-authorization-bearer-token-in-a-swagger-spec-swagger-j

I'm new to grpc-gateway, so I might be missing something obvious.

[tmc]

I think several folks post-process the generated swagger docs and merge in overrides. That said contributions in the form of allowing greater control of openapi output are welcomed.

As an example, I merge together multiple services as:

   cat *.swagger.json | jq --slurp 'reduce .[] as $$item ({}; . * $$item)' > apis.json

but with a lexigraphically-last file with overrides (zlast.swagger.json)

[Aleksion]

Thanks Travis!
That was exactly what we ended up doing.
If we can't generalize it, we'll try to get something added back to this repo.
If this works out for us, I imagine us using this on a lot of projects going forward.

[mayank-dixit]

It can be done using openapiv2_swagger option (ref)

option (grpc.gateway.protoc_gen_swagger.options.openapiv2_swagger) = {
	security_definitions: {
		security: {
			key: "BasicAuth";
			value: {
				type: TYPE_BASIC;
			}
		}
	}
}

Then add security header reqs in all services wherever needed (ref)

option (grpc.gateway.protoc_gen_swagger.options.openapiv2_operation) = {
	security: {
		security_requirement: {
			key: "ApiKeyAuth";
			value: {}
		}
};

Don't forget to import "protoc-gen-swagger/options/annotations.proto";