WEBVTT

00:03.730 --> 00:05.140
Hey, did everyone share?

00:05.140 --> 00:08.040
And welcome to another video of writing documentation.

00:08.050 --> 00:10.660
So in this video we'll talk about the security schema.

00:10.690 --> 00:15.250
Now, if you'll be working on to a complex project, it is obvious that you'll be writing some of the

00:15.250 --> 00:18.300
protected routes that require some of the tokens in your browser.

00:18.310 --> 00:21.880
Now, the token can be in the header, or it can be in the cookies.

00:21.880 --> 00:26.500
It's a whole lot of flow that you can work on and definitely we can have our argument which one is better,

00:26.500 --> 00:27.970
which one is secure, and all of that.

00:27.970 --> 00:30.160
I'm up for the debate, but not right now.

00:30.370 --> 00:32.950
So let's go ahead and see that how this actually works.

00:33.020 --> 00:35.830
Now, a couple of things that you have to keep in mind.

00:35.830 --> 00:40.770
That first thing, that info is kind of a general collection of all the things that you put up in it.

00:40.900 --> 00:45.310
Similarly, we have servers, we have components and we have paths as well.

00:45.310 --> 00:47.440
So this is how the entire breakage is being done.

00:47.440 --> 00:48.670
Now we are aware of the server.

00:48.670 --> 00:51.460
We can actually go ahead and close it down and move on further.

00:51.460 --> 00:55.420
Now when you're closing it down, make sure, especially pay attention where your cursor is blinking

00:55.420 --> 00:57.010
because this matters a lot.

00:57.100 --> 01:02.710
Notice here, if I go ahead and close it up and if I try to go enter, this is how it happens and it's

01:02.710 --> 01:03.850
going to mess up everything.

01:03.850 --> 01:05.980
So please pay special attention on this one.

01:05.980 --> 01:09.400
You might want to hit a couple of lines of enters after this and you go ahead.

01:09.400 --> 01:12.010
And now shutting this up really very obvious.

01:12.010 --> 01:15.550
But I know I have seen people struggling it up even in the offices.

01:15.700 --> 01:21.430
Okay, now moving in, then we are going to define a component and no extension is going to give you

01:21.430 --> 01:22.480
suggestions on this one.

01:22.480 --> 01:27.220
So please don't expect once you have written a few of the documentation that will start giving you that.

01:27.220 --> 01:27.730
Okay.

01:28.330 --> 01:33.850
Now, after this, we can define our security, if I can write that.

01:35.060 --> 01:37.430
Security schema.

01:37.460 --> 01:40.490
Now, this is security, not schema: security schemes.

01:40.490 --> 01:44.760
And I'll tell you from where you can actually copy paste this so that you don't make any typos but we'll

01:44.810 --> 01:46.340
at least try to write down them.

01:46.340 --> 01:52.760
You can define security schemes and Swagger actually knows that it can come up from the cookies, maybe

01:52.760 --> 01:53.630
from someplace else.

01:53.630 --> 01:56.960
So it provides you a whole lot of options to actually go ahead and win that.

01:56.960 --> 02:00.500
So one of them really common one is actually the cookie auth.

02:00.500 --> 02:05.660
So your authentication can be made by cookies, probably an HttpOnly cookie, but some form of the cookie.

02:05.660 --> 02:11.960
Now in that we allow a type, this type is going to be API key and again, case sensitive.

02:11.960 --> 02:13.400
Yes, it is case sensitive here.

02:13.400 --> 02:15.080
So make sure you pay attention up here.

02:15.290 --> 02:20.420
Now in here we are going to say in and just like that we are going to say it is going to come up in

02:20.420 --> 02:24.110
Cookie and we are going to also name this one as well.

02:24.110 --> 02:26.390
So let's go ahead and call this one as token.

02:27.080 --> 02:31.160
You don't need to specifically name this one, but it would be easier and I'll show you later where

02:31.160 --> 02:32.750
it actually comes up and all of that.

02:32.750 --> 02:35.690
Let's go ahead and save this one and catch it up on the browser.

02:35.690 --> 02:36.890
So how it looks like.

02:36.890 --> 02:40.490
So here is my browser hit reload and there we go.

02:40.880 --> 02:46.190
Now this Authorize tab comes in and if I click on this, it gives me that, hey, this is the

02:46.190 --> 02:48.110
name of this cookie, so token.

02:48.110 --> 02:52.490
So it will come up in the cookie and whatever the value you paste it up here, it's going to come in.

02:52.490 --> 02:54.410
So this is how it basically works.

02:54.440 --> 02:57.950
Now I have given you this link in the presentation itself.

02:57.950 --> 03:04.460
This will take you up to this basic structure if you'll go a little bit up here into the parameters,

03:04.490 --> 03:06.290
not here, let me just look for it.

03:06.410 --> 03:11.090
So in the authentication here, you're going to see that all of these are mentioned and again, make

03:11.090 --> 03:15.470
sure you read it a little bit because sometimes you might want to use some of the JWT or something else.

03:15.470 --> 03:17.360
So they have given all of this up here.

03:17.390 --> 03:18.890
We wouldn't be using all of that.

03:18.890 --> 03:21.320
Let's go ahead and place the bearer token as well.

03:21.320 --> 03:26.900
So in case maybe majority of the time you'll be using the JWT tokens for that, the syntax is this one.

03:26.900 --> 03:28.520
So let's go ahead and add this one.

03:28.520 --> 03:32.780
Now, as soon as you add this, this is the exact point where a lot of people make mistakes.

03:32.780 --> 03:35.480
Now, all of these are very, very case sensitive.

03:35.480 --> 03:37.460
So pay special attention on this.

03:37.460 --> 03:38.390
And there we go.

03:38.420 --> 03:41.000
Now, this is how the structure should look like.

03:41.000 --> 03:44.840
Save this moving back and let's go ahead and hit a reload.

03:44.840 --> 03:50.500
And now if I authorize, I have option to pass it up in the cookie or I have option to pass it up as

03:50.510 --> 03:55.670
a bearer auth, which is HTTP bearer, will be all placed up and you just have to pass on your token value

03:55.670 --> 03:57.620
or whatever the value you want to pass on.

03:57.620 --> 03:58.550
I can, as of now,

03:58.550 --> 04:02.120
write just "test" and authorize it and you can see the value is being stored.

04:02.150 --> 04:07.940
Now, all the requests that you are going to make, they are going to be done with this information

04:07.940 --> 04:11.960
being passed on in the headers, but you can also manually pass on some information.

04:11.960 --> 04:13.160
We will study that later on.

04:13.160 --> 04:17.750
But notice here, if I reload this one, I click on authorize and that value is gone.

04:17.750 --> 04:20.330
This is by the design of Swagger.

04:20.330 --> 04:21.440
So this is not a problem.

04:21.440 --> 04:22.670
This is how Swagger works.

04:23.150 --> 04:29.210
And not only this, if you go back up here onto the authentication section, we have this API key auth,

04:29.210 --> 04:35.510
maybe you are designing some kind of program or an application which is restricting people or how many times

04:35.510 --> 04:39.080
you can use the APIs or you can hit the request of the servers.

04:39.080 --> 04:43.460
So in that case, you can just go for these APIs in the header and you can do all this stuff there.

04:43.460 --> 04:45.710
So make sure you read a little bit about that.

04:45.710 --> 04:48.950
And notice here again, we have these security schemas and all of that.

04:48.950 --> 04:52.730
What is allowed, what is not again, there is no escape from reading the docs.

04:52.940 --> 04:57.740
I can only point you and address some of the critical issues, but you have to go through

04:57.740 --> 04:58.790
and read through them.

04:58.940 --> 05:02.120
This is all that you need, at least for the most basic level.

05:02.120 --> 05:06.200
And I don't think you'll be needing much more than this for majority of the cases.

05:06.200 --> 05:06.860
So that's it.

05:06.860 --> 05:08.060
Let's keep the video short.

05:08.060 --> 05:11.150
And this is all what we wanted to cover about authentication.

05:11.150 --> 05:13.100
Let's go ahead and move on in the next video.
