Is there any ways to override securitySchemes in Swagger UI?

[kimminw00]

When using Airflow REST API through Swagger UI, I would like to secure Airflow REST API only using JWT authentication and disable other securitySchemes(Basic, GoogleOpenId, Kerberos). Is there any ways to override securitySchemes in Swagger UI?

[potiuk]

Follow https://airflow.apache.org/docs/apache-airflow/stable/security/api.html#roll-your-own-api-authentication

[kimminw00]

I implemented custom API authentication functions, but it seems that other functions need to be modified in order to extend Swagger UI.

airflow/airflow/www/extensions/init_views.py

Lines 270 to 286 in 78b2d82

	with ROOT_APP_DIR.joinpath("api_connexion", "openapi", "v1.yaml").open() as f:
	specification = safe_load(f)
	api_bp = FlaskApi(
	specification=specification,
	resolver=_LazyResolver(),
	base_path=base_path,
	options={
	"swagger_ui": conf.getboolean("webserver", "enable_swagger_ui", fallback=True),
	"swagger_path": os.fspath(ROOT_APP_DIR.joinpath("www", "static", "dist", "swagger-ui")),
	},
	strict_validation=True,
	validate_responses=True,
	validator_map={"body": _CustomErrorRequestBodyValidator},
	).blueprint
	api_bp.after_request(set_cors_headers_on_response)
	app.register_blueprint(api_bp)

From the above code, it looks like v1.yaml file must be modified to extend Swagger UI. From what I've found so far, there is no way to provide a customized v1.yaml file except building a custom airflow package. Is that correct?

[potiuk]

No idea to be honest - I am not sure what you are asking about. If you want to run API calls,backend should be enough. These are plain REST calls - and you can generate your own client (and for that yes, you need to generate your code based on modfied v1.yaml). When it comes to swagger UI - this one that is embedded in Airflow uses the built-in auth schemes, But Swagger UI is just. a demo /documentation and a way to explore the API - you absolutely do not need swagger UI to run your API calls.

[kimminw00]

I provide airflow services to users.
So, airflow users find out which APIs can be used and how to authenticate from swagger UI.
However, even after I implemented JWT-based API authentication,
it didn't show up in the "Available authorizations" window in swagger UI,
leaving users in a situation where they did not know whether it had been actually implemented.

When it comes to swagger UI - this one that is embedded in Airflow uses the built-in auth schemes, But Swagger UI is just. a demo /documentation and a way to explore the API

From the above, it seems there is no way to edit swagger UI.
Thank you for your help :)

---

Available authorizations window

[potiuk]

You can always attempt to contribute it back. I don't lknow how to do it but if you have a service that you charge money for, it makes sense to consider to contribute such a feature back to Airflow as a way to give back :)