Why I can not see the authorize button in drf-spectacular's swagger?

Before we had a monolyth, but now we are moving to microservices architecture, and here the settings for my drf-spectacular, but I do not have the Authorize button as I had before, exactly with this settings just instead of custom authentication was rest_framework_simplejwt.authentication.JWTAuthentication,

REST_FRAMEWORK = {
    'DEFAULT_SCHEMA_CLASS': 'drf_spectacular.openapi.AutoSchema',
    'DEFAULT_AUTHENTICATION_CLASSES': ('custom.custom_authentication.CustomAuthentication',),
}
SPECTACULAR_SETTINGS = {
    'TITLE': 'My Title',
    'DESCRIPTION': 'My description',
    'VERSION': '0.0.1',
    'SERVE_INCLUDE_SCHEMA': False,
    'SERVE_PERMISSIONS': ['rest_framework.permissions.IsAdminUser'],
    'SERVE_AUTHENTICATION': [
        'rest_framework.authentication.SessionAuthentication',
        'custom.custom_authentication.CustomAuthentication',
    ],
    'SWAGGER_UI_SETTINGS': {"filter": True, "persistAuthorization": True}
}

What might be the problem for not seeing the authorize button?

The absence of the "Authorize" button in the Swagger UI when using drf-spectacular with custom.custom_authentication.CustomAuthentication instead of JWTAuthentication might be due to several factors related to how the authentication is configured in your custom authentication class. Here’s a checklist to help you troubleshoot:

  1. Custom Authentication Class Compatibility: Ensure that CustomAuthentication properly implements authenticate_header. Swagger needs this header to trigger the authorization prompt.

    from rest_framework.authentication import BaseAuthentication

class CustomAuthentication(BaseAuthentication):
    def authenticate_header(self, request):
        return 'Bearer'

    This method is essential, as it tells Swagger that it should display an authorization option for a Bearer token.

  2. Check SPECTACULAR_SETTINGS for Security Schemes: Since drf-spectacular relies on OpenAPI settings to display the authorization option, you may need to explicitly define your security scheme. Add a SECURITY_DEFINITIONS entry for your custom authentication:

    SPECTACULAR_SETTINGS = {
    'TITLE': 'My Title',
    'DESCRIPTION': 'My description',
    'VERSION': '0.0.1',
    'SERVE_INCLUDE_SCHEMA': False,
    'SERVE_PERMISSIONS': ['rest_framework.permissions.IsAdminUser'],
    'SERVE_AUTHENTICATION': [
        'rest_framework.authentication.SessionAuthentication',
        'custom.custom_authentication.CustomAuthentication',
    ],
    'SWAGGER_UI_SETTINGS': {"filter": True, "persistAuthorization": True},
    'SECURITY_DEFINITIONS': {
        'CustomAuth': {
            'type': 'http',
            'scheme': 'bearer',
            'bearerFormat': 'JWT',
        },
    },
    'SECURITY': [{'CustomAuth': []}],  # Ensures the scheme is used by default
}

    This configuration tells Swagger to use a Bearer token for authorization.

  3. Ensure persistAuthorization is Enabled: Confirm that "persistAuthorization": True is set under SWAGGER_UI_SETTINGS, which it already is in your setup. This setting keeps the authorization header active across page reloads.

  4. Recheck Permissions and Authentication: If you're testing in development, ensure your custom authentication and permissions are correctly returning the IsAdminUser or any other permissions you might require.

  5. Clear Cache and Refresh the UI: Sometimes Swagger UI caches settings, especially during development. Clear the browser cache and refresh the page to ensure the changes take effect.

These steps should help restore the "Authorize" button with your custom authentication class. Let me know if the button still doesn’t appear after these adjustments!

Back to Top