Admin Swagger UI not available when using api-key #567

Closed
esune opened this issue Jun 19, 2020 · 3 comments · Fixed by #570

@esune
Member

esune commented Jun 19, 2020

How to reproduce

Start an instance of aca-py using the following command:

PORTS="5000:5000 1000:1000" ./scripts/run_docker start --inbound-transport http 0.0.0.0 10000 --outbound-transport http --admin 0.0.0.0 5000 --admin-api-key my-super-secret-key --log-level DEBUG

This will start aca-py and activate its admin interface, expose it on port 5000 and protect requests targeting it using the specified api-key.

Expected result:
Navigating to http://localhost:5000 in the web browser results in the Swagger UI being displayed. Requests made through the UI will not work unless the api-key is provided (Swagger has a mechanism that allows doing so).

Actual result:
The agent returns the error message 401: unauthorized

This is an issue during development as it forces developers to start another instance of the agent just to check the Swagger docs, while it should be possible to use the currently running instance.

@msembinelli
Contributor

I think this is mainly because the swagger doc route is also protected.

I used a Chrome extension called ModHeader and I was able to set the api key and view the swagger.

@esune
Member Author

esune commented Jun 19, 2020

Thanks @msembinelli, that is a good suggestion!

I personally would prefer if the doc route was unprotected in view mode, and the requested api-key could be entered in the swagger UI directly (see here as an example).

It may not be possible or easy to implement in our case though, I haven't looked into it yet - maybe @andrewwhitehead, @nrempel or @sklump can weigh in since they are more familiar with the swagger docs for aca-py.

Either way, having the workaround tracked here will be useful for future developers :)

@msembinelli
Contributor

No problem @esune, I banged my head against the wall on this one for a while.

I agree that adding the auth button to input the token on swagger would be a much desired change.

As for unprotecting the route, maybe this is something that can be turned on with a debug parameter (so as not to use it in production)?
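
The behaviour discussed in this thread (doc route readable without the key, every other admin route still requiring it), as an added example that is not aca-py's code and not the change made in #570. The header name `X-API-Key`, the doc paths `/` and `/api/doc`, and the function names are assumptions made for illustration.

```python
import hmac
import posixpath
from urllib.parse import unquote

API_KEY_HEADER = "x-api-key"  # assumed header name, compared case-insensitively
DOC_ROOT = "/api/doc"         # assumed location of the Swagger UI and spec

# Swagger 2.0 security definition: with this in the served spec, the UI shows
# an "Authorize" button where the key is typed in and then sent on each call.
SECURITY_DEFINITIONS = {
    "ApiKeyHeader": {"type": "apiKey", "in": "header", "name": "X-API-Key"}
}


def is_doc_request(method: str, raw_path: str) -> bool:
    """True only for read-only requests that resolve inside the doc paths."""
    if method.upper() not in ("GET", "HEAD"):
        return False
    # Decode and normalize before matching, so "/api/doc/../x" or an encoded
    # "%2e%2e" segment cannot borrow the exemption for a protected route.
    path = posixpath.normpath(unquote(raw_path.split("?", 1)[0]))
    return path in ("/", DOC_ROOT) or path.startswith(DOC_ROOT + "/")


def check_request(method: str, raw_path: str, headers: dict, api_key: str) -> int:
    """Return the status the auth layer would produce: 200 (pass) or 401."""
    if is_doc_request(method, raw_path):
        return 200
    supplied = {k.lower(): v for k, v in headers.items()}.get(API_KEY_HEADER, "")
    # Constant-time comparison avoids leaking key bytes through timing.
    if hmac.compare_digest(supplied.encode(), api_key.encode()):
        return 200
    return 401
```

The exemption is matched on the normalized path and on read-only methods only, so it fails closed for anything that does not resolve to the documentation itself.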
