Persist authorization data across browser close/refresh for OpenAPI Swagger UI

[nlykkei]

Use case

Currently, each time the user refreshes the Swagger UI or closes the browser, the authorization data, e.g. OAuth 2.0 tokens, is lost, which forces the user to re-authenticate to call APIs.

While one may argue that transient authorization data is more secure, it's not a great user experience. Many web applications persist short-lived tokens.

The persistAuthorization option to Swagger UI persists the authorization data in local storage, so it remains across browser close/refresh:

https://swagger.io/docs/open-source-tools/swagger-ui/usage/configuration/#:~:text=persistAuthorization

Solution/User Experience

Provide an extra argument persist_authorization to enable_swagger()

Alternative solutions

No response

Acknowledgment

• This feature request meets Powertools for AWS Lambda (Python) Tenets
• Should this be considered in other Powertools for AWS Lambda languages? i.e. Java, TypeScript, and .NET

[leandrodamascena]

Thanks for opening this! Working to merge the PR

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.