Read more on scottbrady91.com
scottbrady91 / identityserver4-swagger-integration Goto Github PK
View Code? Open in Web Editor NEWHow to get Swashbuckle or NSwag Swagger UI's working with IdentityServer 4
License: MIT License
How to get Swashbuckle or NSwag Swagger UI's working with IdentityServer 4
License: MIT License
Read more on scottbrady91.com
I altered this line of code, it's not as elegant but does the same job:
public void Apply(Operation operation, OperationFilterContext context)
{
var found = false;
if (context.ApiDescription.ActionDescriptor is Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor controller)
{
found = controller.ControllerTypeInfo.GetCustomAttributes().OfType<AuthorizeAttribute>().Any();
}
if (!found)
{
if (!context.ApiDescription.TryGetMethodInfo(out var mi)) return;
if (!mi.GetCustomAttributes().OfType<AuthorizeAttribute>().Any()) return;
}
operation.Responses.TryAdd("401", new Response { Description = "Unauthorized" });
operation.Responses.TryAdd("403", new Response { Description = "Forbidden" });
operation.Security = new List<IDictionary<string, IEnumerable<string>>>
{
new Dictionary<string, IEnumerable<string>>
{
{ "oauth2", new [] { "identityapi" } }
}
};
}
This checks if the controller itself has the authorize attribute and if not checks the action. Might be worth updating your blog post with this snippet.
I downloaded the project and the identityserver opens and logged in successful but what next
Thank you for this.
I would like to know how to block the docs using identity server that way I can deploy swagger to all environments without getting worried about my API being exposed to the public.
Thanks in advanced.
I am starting Api.Swashbuckle.csproj.user
dotnet run
info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
User profile is available. Using 'C:\Users\max\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
info: Microsoft.Hosting.Lifetime[0]
Now listening on: https://localhost:5001
info: Microsoft.Hosting.Lifetime[0]
Now listening on: http://localhost:5000
info: Microsoft.Hosting.Lifetime[0]
Application started. Press Ctrl+C to shut down.
info: Microsoft.Hosting.Lifetime[0]
Hosting environment: Development
info: Microsoft.Hosting.Lifetime[0]
Content root path: c:\work\IdentityServer4-Swagger-Integration\Api.Swashbuckle
info: Microsoft.Hosting.Lifetime[0]
Now, when I am trying to authorize using Swagger I am redirected to https://localhost:5000/connect/authorize?response_type=code&client_id=demo_api_swagger&redirect_uri=https%3A%2F%2Flocalhost%3A5001%2Fswagger%2Foauth2-redirect.html&scope=api1&state=VHVlIEp1bCAwNyAyMDIwIDEzOjUzOjI5IEdNVCswMzAwICjQnNC%2B0YHQutCy0LAsINGB0YLQsNC90LTQsNGA0YLQvdC%2B0LUg0LLRgNC10LzRjyk%3D&code_challenge=B_M2Xf-8ZUdugsHiXmHvgPj4Nz-uIlqQoVmWMg1BRMk&code_challenge_method=S256 where I am getting ERR_SSL_PROTOCOL_ERROR
I am not sure, but this might be related to the security definition. My app servers HTTP on localhost:5000 and HTTPS on localhost:5001 using dotnet run command.
options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows
{
AuthorizationCode = new OpenApiOAuthFlow
{
AuthorizationUrl = new Uri("https://localhost:5000/connect/authorize"),
TokenUrl = new Uri("https://localhost:5000/connect/token"),
Scopes = new Dictionary<string, string>
{
{"api1", "Demo API - full access"}
}
}
}
});
I tried to use localhost:5001 in my security definition but in this case I am getting 404 error.
hi , raw issues address is DuendeSoftware/IdentityServer#777 ,can you help me.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.