Swagger UI - Oauth 密码流,检索令牌并将其添加到授权请求 [英] Swagger UI - Oauth password flow, retrieve and add token to authorized requests
问题描述
我刚刚开始在 MVC 中将 Swagger UI 用于 ASP.Net API Web 项目.除了身份验证之外,我理解的大部分内容都是正确的.
I have just started using Swagger UI for ASP.Net API web project in MVC. Most of the parts I understood properly except the authentication.
我正在使用 OAuth ASP.Net 身份.以下是我的设置:
I am using OAuth ASP.Net Identity. following are my settings:
SwaggerConfig.cs
c.OAuth2("oauth2")
.Description("OAuth2 Implicit Grant")
.Flow("password")
.AuthorizationUrl("/api/Account/ExternalLogin")
.TokenUrl("/Token")
.Scopes(scopes =>
{
scopes.Add("values:read", "Read access to protected resources");
scopes.Add("values:write", "Write access to protected resources");
});
c.OperationFilter<AssignOAuth2SecurityRequirements>();
AssignOAuth2SecurityRequirements.cs
internal class AssignOAuth2SecurityRequirements : IOperationFilter
{
public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
{
var authorizeAttributes = apiDescription.ActionDescriptor.GetCustomAttributes<AuthorizeAttribute>();
if (!authorizeAttributes.Any())
return;
if (operation.security == null)
operation.security = new List<IDictionary<string, IEnumerable<string>>>();
var oAuthRequirements = new Dictionary<string, IEnumerable<string>>
{
{ "oauth2", Enumerable.Empty<string>() }
};
operation.security.Add(oAuthRequirements);
}
}
index.html
<script>
window.onload = function() {
// Build a system
const ui = SwaggerUIBundle({
url: "http://localhost:17527/swagger/docs/v1",
dom_id: '#swagger-ui',
deepLinking: true,
presets: [
SwaggerUIBundle.presets.apis,
SwaggerUIStandalonePreset
],
plugins: [
SwaggerUIBundle.plugins.DownloadUrl
],
layout: "StandaloneLayout"
})
window.ui = ui
}
</script>
从APP页面授权/Token请求.
Upon authorizing the /Token request from APP page.
但是当我尝试访问 values 端点时,它会引发错误.
But when I try to access values endpoint it throws an error.
其原因是请求缺少应该在标头中的承载令牌
and the reason for that is the request is missing the Bearer Token that should go in headers
我已经尝试了几个解决方案,但无法解决.
I have already tried few solutions but was not able to resolve it.
提前致谢.
推荐答案
我最近也试过这个,你必须把 [Authorize] 属性放在方法级别而不是控制器级别然后它会工作并在每个请求.
I have also tried this recently,you have to put [Authorize] attribute in method level but not at controller level then it will works and sends Bearer token in each request.
这篇关于Swagger UI - Oauth 密码流,检索令牌并将其添加到授权请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!