I've created an OpenAPI 3 definition for a project where I've defined a POST request that sends a JSON schema. This setup is working well, and I can simulate the request using Swagger-UI. My server is implemented using Connexion and Flask.
Now, I want to modify my OpenAPI definition to encapsulate the JSON schema within a JWT (JSON Web Token) using a passkey, and then transmit it as application/jwt.
Here's a snippet of my current OpenAPI definition:
```yaml
paths:
  /myfunc:
    post:
      operationId: app.my_server_func
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/MyDataDef'
...
```
My goal is to make the necessary changes so that Swagger-UI can encrypt the data with a passkey and then send it as a JWT, without losing the existing functionality of Swagger-UI.
Could someone guide me on how to achieve this? Specifically, I need to know what changes are required in the OpenAPI definition to support sending data as application/jwt and how to integrate the JWT creation process into this flow, ideally using the Swagger-UI interface for testing.
I would like to clarify that what I'm seeking is not the standard Bearer Authentication mechanism. My objective is to add an extra layer of security by wrapping the data in a JWT, in addition to the existing HTTP/SSL transmission. This is because I want to ensure the security of the data independently of the client-server connection reliability.
I am familiar with ways to achieve this outside the scope of OpenAPI 3, but my current challenge lies in integrating this requirement into my OpenAPI 3 definition. I'm unsure how to describe this process in the API specification. My difficulty is compounded by the fact that my search attempts invariably lead me to information about Bearer Authentication, which is not what I need.
Could anyone provide guidance on how to modify my OpenAPI 3 definition to encapsulate data in a JWT for transmission, or point me towards resources that specifically address this use case? I am particularly interested in solutions that can be tested directly within Swagger-UI.
Thank you in advance for any assistance on this matter.
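
The wrapping step described in the question, as an added example that is not part of the original post: the JSON body is carried in a claim of an HS256-signed JWT and verified on the server before use. The function names, the `data` claim and the shared-passkey (HS256) choice are assumptions; a signed JWT protects integrity and authenticity but leaves the payload readable, so confidentiality would need JWE instead.

```python
import base64
import hashlib
import hmac
import json
import time

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def wrap_payload(data, passkey: bytes, ttl: int = 60, now=None) -> str:
    """Client side: carry the JSON body in the 'data' claim of a signed JWT."""
    issued = int(time.time() if now is None else now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iat": issued, "exp": issued + ttl, "data": data}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(passkey, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)

def unwrap_payload(token: str, passkey: bytes, now=None):
    """Server side: verify the signature first, then return the JSON body."""
    try:
        head_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm: never let the token header choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    signing_input = f"{head_b64}.{claims_b64}".encode("ascii")
    expected = hmac.new(passkey, signing_input, hashlib.sha256).digest()
    # Constant-time comparison, done before the claims are parsed or trusted.
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if (time.time() if now is None else now) >= claims["exp"]:
        raise ValueError("token expired")
    return claims["data"]
```

The string returned by `wrap_payload` is what would be sent as the `application/jwt` request body; the handler would call `unwrap_payload` on the raw body and then validate the result against `MyDataDef`.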