hello friends! we recently have been playing around with securing the pinot cluster, so far we just created some users and distributed the token among the different pinot components, things worked fine, however i have a question, once things get authorized, even though we authorize ourselves in the pinot controller UI if we try to use swagger we get forbidden errors, like swagger is expecting things to be authenticated i thought, since this is living in the controller and since we already put id and pw in the UI things would get authorized from there but i don’t think that’s the case how can we do authorized request from swagger? has anyone run into this similar issue? our workaround was to use postman and send the basic auth header ourselves but would like to do it thru swagger as it’s easier, thoughts?

I think @Xiaoman Dong added that for Swagger.

hey @Xiaoman Dong @Xiaoman Dong (public) any clue about this?

The latest Swagger UI has a “Authorize ” Button in it. If you click it, it will ask you to enter a Header value. It is the value of

"Authorization: <your input>"

pair, meaning Swagger will take your input and add an extra pair of header to it:

Authorization: <whatever you type in it>

i’m using Pinot 0.10.0, does that mean that that latest Swagger UI doesn’t come with it?

@Luis Fernandez The change is in https://github.com/apache/pinot/pull/8830 and it was after 0.10.0, based on https://github.com/apache/pinot/releases You can try cherry pick that PR into your local build, that PR mostly adds all the annotation to endpoints

thank you for your help 🙏