Add possibility to provide to manually provide the OAuth token

[valmoz]

First of all, I would like to thank you for this amazing tool.
I tried to retrieve an access token using rapidoc, and it worked amazingly. The token was retrieved correctly and it was possible to perform authenticated REST calls.

I would like to require the possibility to optionally skip the authentication step, and enable the user to insert his token manually into the page to use it to authenticate the REST calls.

I think this could be fairly easy to implement and very useful for testing purposes: for example, the user would be able to test his own implementation of the OAuth flow on his application before even starting implementing the method requests, just copying the obtained token and pasting it into a dedicated input field in the rapidoc page. Also, the user could use an existing token to explore new methods from the page without having to perform the auth step.

Thanks

[mrin9]

and enable the user to insert his token manually into the page to use it to authenticate the REST calls.

well you can do that programmatically.

• You need to put a text-box where the user can provide her/his token in any suitable slot

 <rapi-doc id="thedoc"  spec-url="../specs/auth.yaml" >
   <div slot='operations-top'>
       <input  id='api-key-textbox' type='text' > 
   </div>
 </rapi-doc>

• and then use the method setApiKey() provided by rapidoc

// get the token from text-box
const newApiToken = document.getElementById('api-key-textbox').value;

// get reference of RapiDoc element
const docEl = document.getElementById('thedoc');

// use setApiKey() to provide the token programmatically
docEl.setApiKey('security-scheme-name-defined-in-your-spec', newApiToken);

Here is an example that updates security keys Programmatically (which is defined in the spec)
https://rapidocweb.com/examples/auth.html#operations-top source of this can be found at https://github.com/rapi-doc/RapiDoc/blob/master/docs/examples/auth.html#L141-L165

feel free to close the issue if it takes care of your situation

[valmoz]

Thank you @mrin9 I'll give it a try and keep you updated

[valmoz]

Thank you @mrin9, checking the links you shared with me I noticed the HTTP Bearer option, which seems to work greatly for my use case.

I don't know if this is the right place, but I wanted to ask if there's also a way to automatically select the "Request Body" option in the Authorization Code Flow section. I'm worried that my users could try with the default option "Authorization Header" obtaining an error.

[mrin9]

if there's also a way to automatically select the "Request Body" option

there is none at the moment.

But if the default UI doesn't work for you then I suggest to hide it and

• create your own UI (labels, text-boxes, buttons etc)
• retrieve the token using your java-script either from header or body based on your need
• finally apply the token programmatically using setApiKey method

I will close this issue, please create a new one to allow setting default selection of Request Body option to receive auth tokens and link this issue there