Swagger UI ignoring x-tokenName extension


Problem description

I'm using Swashbuckle v5.0.0 in a .net-core 2.1 application to generate my api-documentation.

I've added this security definition:

cfg.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
   Name = "oauth2",
   Type = SecuritySchemeType.OAuth2,
   Scheme = IdentityServerAuthenticationDefaults.AuthenticationScheme,
   Extensions = new Dictionary<string, IOpenApiExtension>
   {
      { "x-tokenName", new OpenApiString("token id_token") }
   },
   Flows = new OpenApiOAuthFlows()
   {
      Implicit = new OpenApiOAuthFlow()
      {
         Scopes = swaggerSettings.Scopes,
         AuthorizationUrl = new Uri(authorizationUrl),
         TokenUrl = new Uri(swaggerSettings.IdentityProviderUrl + "/connect/token"),
      }                                
   },
});

This is the api-specification that is getting generated from it (just the important part):

It almost works perfectly, as I can even open the following dialog in the swagger ui and also do a full authorization:

But the problem is, even though the x-tokenName value is set to "token id_token" (which is required to receive an access token containing also identity-scopes, as profile and openid), the request sent by the swagger-ui, recorded by fiddler, is this (cut to the important part):

GET /usermgmt/identityprovider/connect/authorize?response_type=token&[...]

On the web I can find threads saying that what I'm trying to achieve was supported for a while, then it wasn't, and I don't know if it is now - it seems it isn't, but I think this feature is important so it should be there.

I need this because I want to request user-groups from the profile-endpoint using access tokens created on the request of the swagger-ui.

Please help :)

Recommended answer

You are misunderstanding the purpose of x-tokenName in Swagger UI. This extension specifies the field of the OAuth 2.0 token endpoint response to be extracted and subsequently used in the Authorization: Bearer <token> header.

By default, the bearer token is extracted from access_token:

{
  "access_token": "abcde12345",
  "token_type": "Bearer",
  "expires_in": 3599,
  "id_token": "...."
}

=>

Authorization: Bearer abcde12345

If the security scheme definition specifies, for example, x-tokenName: id_token, then the value of id_token will be used as the bearer token instead:

{
  "access_token": "....",
  "token_type": "Bearer",
  "expires_in": 3599,
  "id_token": "xyz987"
}

=>

Authorization: Bearer xyz987

More info about x-tokenName: here and here.

I want to achieve that the authorization link swagger ui generates and sends the user to the identity-provider contains "response_type=token id_token&[...]"

id_token is used in OpenID Connect (OIDC) flows, which is an extension of OAuth 2.0. Swagger UI currently does not support OIDC.

When OIDC is supported in Swagger UI, you'll also need to change your security scheme definition from type: oauth2 to type: openIdConnect:

{
  ...
  "components": {
    "securitySchemes": {
      "openId": {
        "type": "openIdConnect",
        "openIdConnectUrl": "https://path/to/.well-known/openid-configuration"
      }
    }
  }
}
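
The distinction drawn in the answer above, as an added example that is not part of the original answer and is not Swagger UI's own code: a simplified model in which the flow type decides response_type on the authorization request, and x-tokenName only selects which field of the token response becomes the bearer token. The function names, client id, and example.test URLs are assumptions made for illustration.

```javascript
// Added illustration: a simplified model, not Swagger UI source code.

// Step 1: the authorization request. For the implicit flow this model always
// sends response_type=token, matching the request captured in the question.
// x-tokenName is never consulted here.
function buildAuthorizeUrl(scheme, clientId, redirectUri, scopes) {
  const flow = scheme.flows && scheme.flows.implicit;
  if (!flow) throw new Error('this model only covers the implicit flow');
  const url = new URL(flow.authorizationUrl);
  url.searchParams.set('response_type', 'token');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('scope', scopes.join(' '));
  return url.toString();
}

// Step 2: once the provider has answered, x-tokenName names the response
// field whose value is sent as the bearer token (default: access_token).
// Returning null when the field is absent is a choice made for this model.
function bearerHeader(scheme, tokenResponse) {
  const field = scheme['x-tokenName'] || 'access_token';
  const value = tokenResponse[field];
  if (typeof value !== 'string' || value === '') return null;
  return `Authorization: Bearer ${value}`;
}

// Constructed sample data (hypothetical hosts, token values from the answer).
const sampleScheme = {
  type: 'oauth2',
  'x-tokenName': 'id_token',
  flows: {
    implicit: { authorizationUrl: 'https://idp.example.test/connect/authorize' },
  },
};
const sampleResponse = {
  access_token: 'abcde12345',
  token_type: 'Bearer',
  expires_in: 3599,
  id_token: 'xyz987',
};

console.log(buildAuthorizeUrl(sampleScheme, 'swagger-ui',
  'https://api.example.test/oauth2-redirect.html', ['openid', 'profile']));
console.log(bearerHeader(sampleScheme, sampleResponse));
// The question's value is not a field name, so nothing is selected:
console.log(bearerHeader({ ...sampleScheme, 'x-tokenName': 'token id_token' },
  sampleResponse));
```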
