"X-JWT-Assertion" security scheme

[Angel0926]

How i can realize my own security-scheme: jwt "X-JWT-Assertion" ?

[sberyozkin]

@Angel0926 Do you mean that you have the bearer access token set with HTTP X-JWT-Assertion header, X-JWT-Assertion <token>, instead of the default Authorization: Bearer <token> ? If yes, use mp.jwt.token.header=X-JWT-assertion, see https://quarkus.io/guides/security-jwt#microprofile-jwt-configuration

[Angel0926]

Yes my project in quarkus and also i added this code in my application.yaml `

security-scheme: jwt
jwt-security-scheme-value: "bearer"
jwt-bearer-format: "JWT"
security-scheme-name: "X-JWT-Assertion"
security-scheme-description: "X-JWT-Assertion"
auto-add-security-requirement: true`.    what change ?

[Angel0926]

When i try portman newman integration i get this

[sberyozkin]

@Angel0926 I don't recognize those properties, which extension do you use ?

[Angel0926]

@sberyozkin i find it here https://quarkus.io/guides/openapi-swaggerui

[sberyozkin]

@Angel0926 I see, I guess those properties can help to show or possibly test from within Swagger UI, they don't, in itself control any verification process, to verify the token coming with the custom header, you'd need to use quarkus-smallrye-jwt, or quarkus-oidc

[Angel0926]

@sberyozkin @Securityscheme(securitySchemeName = “jwt”, type = SecuritySchemeType.HTTP, scheme = “bearer”, bearerFormat = “jwt”) This code right? and what it doing?

[sberyozkin]

@Angel0926 AFAIK, this code is about telling SwaggerUI/OpenAPI how to show and possibly test this method with Swagger UI. See my previous comment about the verification