OpenAPI Swagger API not sending "Authorization" header along the API call


Environment :

  • Java 17
  • Service is on Spring Boot 3
  • OpenAPI dependencies: 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.1.0', 'org.springdoc:springdoc-openapi-starter-common:2.1.0', 'org.springdoc:springdoc-openapi-ui:1.7.0'

I am trying to send a value through the header, but looking at the Chrome dev console, the API call does not have the headers in the request. (FYI: the API was working fine with the headers before upgrading from springfox to openapi.)



When sending other header types, I can see them in the Chrome dev console. For example:

API Definition :

@GetMapping(value = "somevalue")
@Operation(summary = "Get something")
@Parameters({
    @Parameter(
        name = "authorization1",
        description = "Access Token",
        required = true,
        in = ParameterIn.HEADER,
        schema = @Schema(implementation = String.class),
        example = "12345"),
    @Parameter(
        name = "code",
        description = "Code",
        required = true,
        in = ParameterIn.HEADER,
        schema = @Schema(allowableValues = {"A", "B", "C", "D"})
    )
})
public List<IIRDto> getII(
    @Parameter(required = true) @NotNull @RequestParam List<Long> idsOfSomething
) {
    // CODE
}

Working when the header is not named "authorization"


But when the header name is "authorization" it doesn't show up in the request headers.

API Definition :

@GetMapping(value = "somevalue")
@Operation(summary = "Get something")
@Parameters({
    @Parameter(
        name = "authorization",
        description = "Access Token",
        required = true,
        in = ParameterIn.HEADER,
        schema = @Schema(implementation = String.class),
        example = "12345"),
    @Parameter(
        name = "code",
        description = "Code",
        required = true,
        in = ParameterIn.HEADER,
        schema = @Schema(allowableValues = {"A", "B", "C", "D"})
    )
})
public List<IIRDto> getII(
    @Parameter(required = true) @NotNull @RequestParam List<Long> idsOfSomething
) {
    // CODE
}


Please let me know your suggestions to pass authorization headers from UI.

Best answer

The Authorization header can be added globally to all APIs through the OpenApi bean, as follows:

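import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration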
public class OpenApiConfig {
  @Bean
  public OpenAPI openAPI() {
    final String securitySchemeName = "bearer-key";
    return new OpenAPI()
        .addSecurityItem(new SecurityRequirement().addList(securitySchemeName))
        .components(
            new Components()
                .addSecuritySchemes(securitySchemeName,
                    new SecurityScheme()
                        .name(securitySchemeName)
                        .type(SecurityScheme.Type.HTTP)
                        .scheme("bearer")
                        .bearerFormat("JWT")
                )
        );
  }
}

After that, a small lock icon will appear on the right side of the APIs and if clicked the authorization popup will show up, where the value of the Authorization header can be inserted.


There will also be the authorize button in the top right corner of the swagger-ui page which does the same.



To selectively define protected APIs rather than globally, delete the line .addSecurityItem(new SecurityRequirement().addList(securitySchemeName)) from the configuration, and add the following line above each protected API:

@Operation(security = { @SecurityRequirement(name = "bearer-key") })
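
Added example, not part of the original answer: OpenAPI 3 states that a header parameter named Accept, Content-Type or Authorization is ignored, which is why the "authorization" parameter never reaches the request while "authorization1" does. The check below flags such parameters in an API document and reports whether the operation has a security requirement to carry the credential instead; the function names and the sample document are constructed for illustration.

```python
# Added example: lint an OpenAPI 3 document (constructed sample below) for
# header parameters that the spec says are ignored, so Swagger UI never sends them.
RESERVED_HEADERS = {"accept", "content-type", "authorization"}
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}


def resolve_param(spec, param):
    """Follow a local $ref into components/parameters; other entries pass through."""
    ref = param.get("$ref", "")
    if ref.startswith("#/components/parameters/"):
        return spec.get("components", {}).get("parameters", {}).get(ref.rsplit("/", 1)[1], {})
    return param


def find_ignored_headers(spec):
    """Return one finding per reserved header parameter declared on an operation."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue
            # Operation-level "security" overrides the global list, even when empty.
            security = op.get("security", spec.get("security", []))
            for raw in item.get("parameters", []) + op.get("parameters", []):
                param = resolve_param(spec, raw)
                name = param.get("name", "")
                if param.get("in") == "header" and name.lower() in RESERVED_HEADERS:
                    findings.append({"operation": f"{method.upper()} {path}", "header": name,
                                     "has_security_requirement": bool(security)})
    return findings


# Constructed sample, shaped like the question's endpoint; not real /v3/api-docs output.
SAMPLE_SPEC = {
    "openapi": "3.0.1",
    "paths": {
        "/somevalue": {"get": {"parameters": [
            {"name": "authorization", "in": "header", "required": True},
            {"name": "code", "in": "header", "required": True},
            {"name": "idsOfSomething", "in": "query", "required": True},
        ]}},
        "/other": {"get": {"parameters": [{"name": "authorization1", "in": "header"}]}},
    },
    "components": {"securitySchemes": {
        "bearer-key": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"}}},
}

if __name__ == "__main__":
    for finding in find_ignored_headers(SAMPLE_SPEC):
        print(finding)
```

To run it against a real service, load the JSON that springdoc serves (by default at /v3/api-docs) and pass the parsed document to find_ignored_headers.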