Basic auth shouldn't require a password change reverted?

[RedwoodForest]

I am using swagger-ui version 3.19.5 (via Swashbuckle.AspNetCore.SwaggerUI v4.0.1) with an API that uses basic auth with a username but no password.

(One example of a high traffic and well-designed API that uses this approach for authentication is the Stripe API.)

It looks like in #2114 swagger-ui was changed to not require a password, but in the authorize dialog the password seems to always be required.

Was reverting this change intentional? Is there a workaround I can use to make it optional?

[heldersepu]

I think all that needs to be done is to remove the required flag here:

swagger-ui/src/core/components/auth/basic-auth.jsx

Line 76 in a86fcf3

: <Col><Input required="required"

[RedwoodForest]

@heldersepu

I agree.

We found that removing this attribute manually via the browser inspector fixes the issue so we wrote a Swagger plugin as a temporary workaround until this is fixed. (There is almost certainly a more idiomatic way to do this in React, but it's not a framework I'm familiar with.)

// Workaround for https://github.com/swagger-api/swagger-ui/issues/5410
// Based on https://stackoverflow.com/questions/52775462/how-to-insert-minor-customization-into-swagger-inside-its-markup
const BasicAuthPasswordOptionalPlugin = function () {
    return {
        wrapComponents: {
            // We're wrapping the Auths component used to display the authentication prompt:
            // https://github.com/swagger-api/swagger-ui/blob/v3.19.5/src/core/components/auth/auths.jsx
            auths: (Original, system) => (props) => {
                var wrapperClass = system.React.createClass({
                    componentDidMount: function () {
                        var passwordElement = document.querySelector(".auth-container input[type='password']");
                        // The password input field is only present if credentials have not already been entered yet
                        if (passwordElement !== null) {
                            passwordElement.removeAttribute("required");
                        }
                    },
                    render: function () {
                        return system.React.createElement(Original, props);
                    }
                });
                return system.React.createElement(wrapperClass, null);
            }
        }
    }
}

configObject.plugins = [BasicAuthPasswordOptionalPlugin];

[heldersepu]

@bodnia, @webron, @fehguy You guys worked on #2114 should we just remove the required="required" on:

swagger-ui/src/core/components/auth/basic-auth.jsx

Line 76 in a86fcf3

: <Col><Input required="required"

[leseb83]

Hi,
I also need this issue to be solved.
Thanks!

[shockey]

PR is welcome to remove the required attribute 😄

[Simran-B]

Just ran into this issue and since a solution was proposed but no PR yet, here is one: #5812