TransWikia.com

.NET Core Web API, JWT and Swagger - 401 is showing as Undocumented instead of Unauthorized

Stack Overflow Asked by JoeD on January 29, 2021

I have an ASP.NET Core Web API 3 app that implements a REST API and uses a JWT bearer token for authorization, and Swagger (Swashbuckle).

My controller has the [Authorize] filter on it, like:

[ApiController]
[Route("api/[controller]")]
[Authorize]
public class MyController : ControllerBase
{
}

Swagger works with my API, and I can generate a JWT token and give it to Swagger and it all works well.

But if I try to use Swagger to hit one of my REST endpoints without a JWT token or with an invalid JWT token, the Swagger UI is showing an error 401 Undocumented, but all the examples I see out on the web show that I should be getting 401 Unauthorized.

(When I hit the same URL with Postman, it does show 401 Unauthorized.)

Before I start ripping out things, any ideas why I might be getting Undocumented instead of Unauthorized?

This is what I see:


When I add the attribute suggested below

 ([ProducesResponseType(typeof(ProblemDetails), (int)HttpStatusCode.Unauthorized)])

I see this:


3 Answers

Maybe it is late, but I ran into this problem, so now I am answering it.

It shows Undocumented because there is no Bearer keyword at the start of your Authorization header. Your header is probably something like this:

Authorization: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJNb3N0YWZhOTEiLCJqdGkiOiIzNGEzNjQwNC1iZWNjLTRhMmMtOGJkZi01ZDc1ZTBiY2QwZGIiLCJJZCI6IjEiLCJleHAiOjE2MTAyNDcyMTUsImlzcyI6Im1vaGFtYWRyYXZhZWkuaW5mbyIsImF1ZCI6Im1vaGFtYWRyYXZhZWkuaW5mbyJ9.0_kKI7F12o62A_QUZ38U9KVbBpnQMyO7kGcqBZzU4AU

So you should change it to:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJNb3N0YWZhOTEiLCJqdGkiOiIzNGEzNjQwNC1iZWNjLTRhMmMtOGJkZi01ZDc1ZTBiY2QwZGIiLCJJZCI6IjEiLCJleHAiOjE2MTAyNDcyMTUsImlzcyI6Im1vaGFtYWRyYXZhZWkuaW5mbyIsImF1ZCI6Im1vaGFtYWRyYXZhZWkuaW5mbyJ9.0_kKI7F12o62A_QUZ38U9KVbBpnQMyO7kGcqBZzU4AU

Actually, Postman sets Bearer at the start of the token, and if you set Bearer but the token is deprecated, then the status code is going to show the Unauthorized code.

Answered by ravaei on January 29, 2021

You can add app.UseStatusCodePages() in the Startup.cs.

This will then return a response body of Response Body

Answered by Gareth Hodgson on January 29, 2021

Could you please try the attribute below on the action method:

 [ProducesResponseType(typeof(ProblemDetails), (int)HttpStatusCode.Unauthorized)] 

Answered by Anupam Maiti on January 29, 2021
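
The first and third answers can both be applied once for the whole API instead of per request and per action. The following is an added example, not code from the question or any of the answers. It assumes Swashbuckle.AspNetCore 5 or later (the Microsoft.OpenApi.Models types); the names AuthResponsesOperationFilter, SwaggerAuthSetup and AddSwaggerWithJwt and the scheme id "Bearer" are chosen here for illustration.

```csharp
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.SwaggerGen;

// Hypothetical filter: documents 401/403 on every action that requires authorization.
public class AuthResponsesOperationFilter : IOperationFilter
{
    public void Apply(OpenApiOperation operation, OperationFilterContext context)
    {
        // Collect attributes from the action and from its controller.
        var attrs = context.MethodInfo.GetCustomAttributes(true)
            .Concat(context.MethodInfo.DeclaringType?.GetCustomAttributes(true) ?? new object[0])
            .ToList();

        // [AllowAnonymous] overrides [Authorize], so such actions are left untouched.
        if (!attrs.OfType<AuthorizeAttribute>().Any() || attrs.OfType<AllowAnonymousAttribute>().Any())
            return;

        // Declaring the status codes in the OpenAPI document is what gives
        // Swagger UI a description to show for them.
        if (!operation.Responses.ContainsKey("401"))
            operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
        if (!operation.Responses.ContainsKey("403"))
            operation.Responses.Add("403", new OpenApiResponse { Description = "Forbidden" });

        // Reference the scheme registered below so Swagger UI attaches the token here.
        var scheme = new OpenApiSecurityScheme
            { Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Bearer" } };
        operation.Security.Add(new OpenApiSecurityRequirement { [scheme] = new List<string>() });
    }
}

public static class SwaggerAuthSetup
{
    // Call from Startup.ConfigureServices: services.AddSwaggerWithJwt();
    public static IServiceCollection AddSwaggerWithJwt(this IServiceCollection services) =>
        services.AddSwaggerGen(c =>
        {
            // Type Http + scheme "bearer": Swagger UI builds "Authorization: Bearer <token>"
            // itself, so only the raw token is pasted into the Authorize dialog.
            c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
                { Type = SecuritySchemeType.Http, Scheme = "bearer", BearerFormat = "JWT" });
            c.OperationFilter<AuthResponsesOperationFilter>();
        });
}
```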
