implementing oauth security scheme in swagger


Naina Ramnani

Jun 29, 2017, 8:02:55 AM6/29/17
to Swagger
I have enabled the OAuth security scheme in my Swagger configuration, and the UI shows the Authorize option, but even if I don't authorize, the API methods are still exposed and their values can be seen.
The configuration is:
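services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new Info { Title = "Billing Api,Title for your Api", Version = "v1" });

    // API-key scheme, currently disabled in favour of the OAuth2 definition below.
    // (As pasted on a single line, this "//" comment swallowed the live oauth2
    // definition and the filter registration; line breaks restored here.)
    // c.AddSecurityDefinition("API Key", new ApiKeyScheme()
    // {
    //     Description = "API Key Authentication",
    //     Name = "api-key",
    //     In = "header",
    //     Type = "string"
    // });
    // c.OperationFilter<SecurityRequirementsOperationFilter>();

    // Declares the "oauth2" scheme that operations reference in swagger.json.
    // NOTE(review): this definition and the operation filter below only describe
    // the scheme in the generated document; they do not themselves reject
    // unauthenticated requests. The symptom described above (methods callable
    // without authorizing) points at the API endpoints not being protected by
    // [Authorize] / the authorization middleware — confirm on the controllers.
    c.AddSecurityDefinition("oauth2", new OAuth2Scheme
    {
        Type = "oauth2",
        Description = "OAuth2 Implicit Grant",
        Flow = "implicit",
        AuthorizationUrl = "https://login.windows.net/tenantid/oauth2/authorize",
        TokenUrl = "https://login.microsoftonline.com/tenantid/oauth2/token",
        Scopes = new Dictionary<string, string> { { "read", "Access app" } }
    });

    // Attaches the "oauth2" requirement to every documented operation.
    c.OperationFilter<SecurityRequirementsOperationFilter>();
});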


  app.UseSwaggerUI(c =>
            {
                  c.ConfigureOAuth2("client id", "clientsecret", "https://localhost:44369/api/Values", "apiswaggerazure", " ", new Dictionary<string, string> { { "resource", "clientid" } });
               
                c.RoutePrefix = "swagger/ui";
                c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
               
               
            });


/// <summary>
/// Swashbuckle operation filter that attaches the "oauth2" security requirement
/// (the scheme registered via AddSecurityDefinition) to every operation in the
/// generated document.
/// </summary>
/// <remarks>
/// NOTE(review): this only annotates swagger.json; it does not enforce
/// authentication on the endpoints themselves. The injected
/// <see cref="AuthorizationOptions"/> are stored but never read, so the
/// requirement is applied unconditionally — including to operations that may be
/// intentionally anonymous.
/// </remarks>
public class SecurityRequirementsOperationFilter : IOperationFilter
{
    // Retained for constructor/DI compatibility; not consulted by Apply.
    private readonly IOptions<AuthorizationOptions> authorizationOptions;

    /// <param name="authorizationOptions">Authorization options supplied by DI; currently unused.</param>
    public SecurityRequirementsOperationFilter(IOptions<AuthorizationOptions> authorizationOptions)
    {
        this.authorizationOptions = authorizationOptions;
    }

    /// <summary>
    /// Adds an "oauth2" requirement with an empty scope list to <paramref name="operation"/>,
    /// creating its Security collection first if it is absent.
    /// </summary>
    /// <param name="operation">The operation being documented.</param>
    /// <param name="context">Filter context; not used by this filter.</param>
    public void Apply(Operation operation, OperationFilterContext context)
    {
        var security = operation.Security;
        if (security == null)
        {
            security = new List<IDictionary<string, IEnumerable<string>>>();
            operation.Security = security;
        }

        // One requirement entry: scheme name -> required scopes (none requested).
        var requirement = new Dictionary<string, IEnumerable<string>>();
        requirement["oauth2"] = Enumerable.Empty<string>();

        security.Add(requirement);
    }
}
