
[JIRAALIGN-1462] API v2.0 : Executing any API call over Swagger's EXECUTE button results in 401 errors


Details

    • Bug
    • Resolution: Fixed
    • High
    • 10.73
    • 10.69, 10.70
    • REST API
    • 8
    • Severity 3 - Minor
    • Batman! - SCORP4

    Description

      Issue Summary

      API v2.0 : Executing any API call over Swagger's EXECUTE button results in 401 errors

      Steps to Reproduce

      Pre-requisites:
      • API 2.0 feature toggle ID 92 must be enabled
      • User's API token must be valid
      Steps
      1. Log in to Jira Align, then browse to Swagger UI: https://instance.agilecraft.com/rest/align/api/docs/index.html
      2. At the top of the page, click the Authorize button, then fill in the Value field with your user's API token (it can be obtained from your user's profile page)
      3. Click Authorize, notice the Authorized message then click Close to quit the authorisation dialog box
        Notice the Padlock icons now appear closed (meaning the session has been authorised with the provided token)
      4. Browse to the /align/api/2/Users/whoami call; click on it to expand
      5. Click the Try it out button; notice the section expands and new buttons show up
      6. As this particular call does not require any parameters, just click the Execute button
      7. Notice that a Loading visual cue flashes and the results are shown in the fields underneath.

      Actual Results

      • A 401 Unauthorized error code is returned:
         cf-cache-status: DYNAMIC 
         cf-ray: 58f38865a8ef0a14-GIG 
         cf-request-id: 028c13938500000a14cb976200000001 
         content-security-policy: frame-ancestors 'self'; 
         date: Wed, 06 May 2020 14:53:47 GMT 
         expect-ct: max-age=0, report-uri="https://agilecraft0423.report-uri.com/r/d/ct/reportOnly" 
         referrer-policy: strict-origin-when-cross-origin 
         server: cloudflare 
         status: 401 
         strict-transport-security: max-age=15552000; includeSubDomains; preload 
         www-authenticate: Bearer 
         x-content-type-options: nosniff 
         x-frame-options: SAMEORIGIN 
         x-xss-protection: 1; mode=block 
        

      Expected Results

      • A 200 OK status code with the following data:
        {
            "id": 9999,
            "uid": "9999",
            "firstName": "John",
            "lastName": "Doe",
            "fullName": "John Doe",
            "email": "jdoe@none.com",
            "userStartDate": "2019-07-25T00:00:00Z",
            "userEndDate": null,
            "isExternal": 0,
        (...)
            "self": "https://instance.agilecraft.com/rest/align/api/2/users/9999"
        }
        

      Workaround

      Workaround #1

      1. In Swagger, click the Authorize button (padlock icon) to enter the token. The Available authorizations dialog box will show up.
      2. In the Value field, type in Bearer {token}, then click the Authorize button. Click the Close button.
      3. Note that the padlock icon now shows locked.

      Workaround #2

      • Use UI instead of API

      Workaround #3

      Workaround #4

      When using curl, you should specify the authentication type by adding the word "bearer" before the token. It should look like:

      curl -X GET "https://{URL}/rest/align/api/2/{end point}" -H "accept: */*" -H "Authorization: bearer {api key}"
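
      An added example, not part of the original issue or Atlassian's code: a Python helper that always sends the token with the Bearer scheme, as Workarounds #1 and #4 require, and reads the `www-authenticate` challenge of a 401 to say what was wrong with the header. The host is the page's placeholder, the token values are constructed, the function names are hypothetical, and the bare-token case is an assumption drawn from the workarounds.

```python
import urllib.request
from typing import Optional

# Placeholder host from the issue; tokens used with this are constructed.
BASE_URL = "https://instance.agilecraft.com/rest/align/api/2"


def authorization_value(token: str) -> str:
    """Return 'Bearer <token>' for a raw token or an already-prefixed value."""
    token = token.strip()
    if not token:
        raise ValueError("empty API token")
    scheme, _, rest = token.partition(" ")
    if scheme.lower() == "bearer" and rest.strip():
        return "Bearer " + rest.strip()  # scheme names are case-insensitive
    if " " in token:
        raise ValueError("unexpected scheme or whitespace in token")
    return "Bearer " + token


def build_request(endpoint: str, token: str) -> urllib.request.Request:
    """Build, without sending, a GET request for an API 2.0 endpoint."""
    url = BASE_URL + "/" + endpoint.lstrip("/")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Accept", "*/*")
    req.add_header("Authorization", authorization_value(token))
    return req


def diagnose_401(sent: Optional[str], www_authenticate: str) -> str:
    """Compare the Authorization value sent with the server's challenge."""
    challenge = www_authenticate.split(None, 1)
    expected = challenge[0] if challenge else "unknown"
    if not sent or not sent.strip():
        return "no Authorization header sent"
    parts = sent.split(None, 1)
    if len(parts) == 1:
        return f"missing scheme: send '{expected} <token>'"
    if parts[0].lower() != expected.lower():
        return f"wrong scheme '{parts[0]}': server expects '{expected}'"
    return "scheme matches the challenge: check the token itself"


if __name__ == "__main__":
    req = build_request("Users/whoami", "constructed-token-123")
    print(req.full_url, req.get_header("Authorization"))
    # Assumed from the workarounds: the bare token was sent with no scheme.
    print(diagnose_401("constructed-token-123", "Bearer"))
```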
      

            People

              kforeman@atlassian.com Kyle Foreman
              rcortez@atlassian.com Rodrigo Cortez