Harvindar Singh Garcha

Reputation: 454

drf-yasg - How to customize persistent auth token?

I am using drf-yasg to generate open API. What I want is that once I have added the token for authentication, it should be persistent and should not expire when the user refreshes the page. Currently, if the user refreshes the page, the token gets lost and the user needs to enter the token again and again after any single change.

Upvotes: 2

Views: 1652

Answers (2)

Robert Nyström

Reputation: 105

Not sure if this is an answer to the question, but I was searching for the same thing as you until I figured this out.

What I wanted to do was to hide the API-endpoints that required authentication, and when the user authenticated they would show. I was thinking about persisting authentication and then the user would have to refresh the page manually to make it work.

Though, there is a setting in drf-yasg called REFETCH_SCHEMA_WITH_AUTH. This automatically refreshes the page when authorization is performed. I.e. you don't have to refresh the page manually. This is by default set to False, and for some reason it is really hard to find it if you don't already know what you are looking for.

My swagger settings in settings.py for my Django project look like this now:

SWAGGER_SETTINGS = {
    "USE_SESSION_AUTH": True,
    "SECURITY_DEFINITIONS": {
        "Basic": {"type": "basic"},
        "api_key": {"type": "apiKey", "name": "authorization", "in": "header"},
    },
    "REFETCH_SCHEMA_WITH_AUTH": True,
}

I think this is a safer solution than persisting the authorization, as it might lead to security issues.

Upvotes: 2

MingWang

Reputation: 66

When using drf-yasg, you can configure settings in SWAGGER_SETTINGS in your settings.py. Adding 'PERSIST_AUTH': True to SWAGGER_SETTINGS would work.

Upvotes: 5
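
The two answers can be combined, shown here as an added example that is not part of either answer or of drf-yasg itself: PERSIST_AUTH keeps the swagger-ui authorization data in the browser's localStorage, so this sketch enables it only in development and audits a settings dict for the risky combinations. The function names and the choice to gate on DEBUG are assumptions made for illustration.

```python
# Added example: build SWAGGER_SETTINGS with PERSIST_AUTH limited to
# development, and audit any settings dict before deployment.
# build_swagger_settings / audit_swagger_settings are hypothetical helpers.

def build_swagger_settings(debug: bool) -> dict:
    """Settings from the first answer, plus PERSIST_AUTH tied to DEBUG."""
    return {
        "USE_SESSION_AUTH": True,
        "SECURITY_DEFINITIONS": {
            "Basic": {"type": "basic"},
            "api_key": {"type": "apiKey", "name": "authorization", "in": "header"},
        },
        # Re-fetch the schema after authorizing, so no manual refresh is needed.
        "REFETCH_SCHEMA_WITH_AUTH": True,
        # Stored unencrypted in localStorage, readable by any script on the
        # same origin: keep it off unless running locally.
        "PERSIST_AUTH": debug,
    }


def audit_swagger_settings(swagger: dict, debug: bool) -> list:
    """Return human-readable findings for risky persistence settings."""
    findings = []
    persist = swagger.get("PERSIST_AUTH", False)  # drf-yasg default is False
    if persist and not debug:
        findings.append(
            "PERSIST_AUTH is enabled outside DEBUG: credentials stay in "
            "browser localStorage across refreshes and sessions"
        )
    if persist:
        for name, scheme in swagger.get("SECURITY_DEFINITIONS", {}).items():
            if scheme.get("type") == "basic":
                findings.append(
                    f"scheme {name!r} is basic auth: the persisted data is a "
                    "password rather than a revocable token"
                )
    return findings


if __name__ == "__main__":
    # In settings.py this would be: SWAGGER_SETTINGS = build_swagger_settings(DEBUG)
    risky = dict(build_swagger_settings(debug=False), PERSIST_AUTH=True)
    for finding in audit_swagger_settings(risky, debug=False):
        print("WARNING:", finding)
```
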
