http-client-contracts | HTTP client abstractions extracted out of the Symfony | Web Framework library

While my end goal is to prevent Swagger UI from losing authentication upon browser reload, I believe I might have found a solution assuming swagger-ui parameters can be changed when using api-platform, and described it at the tail of this post.

A REST API uses Symfony, API-platform and authenticates using JWT and documentation is provided by swagger-ui. On the swagger-ui page, after submitting the apiKey, future requests include it in the header, however, if the browser is refreshed, the authorization token is lost.

There has been some discussion on this topic primarily on this github post and some on this stackoverflow post, and the general consensus seems to be that swagger-ui there is no "official" way to persist tokens.

Overall Swagger UI does not store tokens, and probably on purpose. There is no switch to enable this, but looks like there are little things that can be done to remember a token via cookie, local storage, indexdb, etc and when the page is reloaded, populate the token back in.

The swagger configuration documentation, however, appears to have an Authorization parameter which will allow the authorization data to be persisted upon browser refresh.

• Parameter name: persistAuthorization
• Docker variable: PERSIST_AUTHORIZATION
• Description: Boolean=false. If set to true, it persists authorization data and it would not be lost on browser close/refresh

Assuming I correctly interpret the Swagger documentation, how can the persistAuthorization parameter be set to true?

When modifying config/api_platform.yaml to set persistAuthorization, I received errors Unrecognized option "persistAuthorization" under "api_platform.swagger.api_keys.apiKey". Available options are "name", "type". and Unrecognized option "persistAuthorization" under "api_platform.swagger". Available options are "api_keys", "versions".