Swagger UI - Oauth 密码流，检索令牌并将其添加到授权请求 [英] Swagger UI - Oauth password flow, retrieve and add token to authorized requests

问题描述

我刚刚开始在 MVC 中将 Swagger UI 用于 ASP.Net API Web 项目.除了身份验证之外，我理解的大部分内容都是正确的.

I have just started using Swagger UI for ASP.Net API web project in MVC. Most of the parts I understood properly except the authentication.

我正在使用 OAuth ASP.Net 身份.以下是我的设置:

I am using OAuth ASP.Net Identity. following are my settings:

SwaggerConfig.cs

         c.OAuth2("oauth2")
                        .Description("OAuth2 Implicit Grant")
                        .Flow("password")
                        .AuthorizationUrl("/api/Account/ExternalLogin")
                        .TokenUrl("/Token")
                        .Scopes(scopes =>
                        {
                            scopes.Add("values:read", "Read access to protected resources");
                            scopes.Add("values:write", "Write access to protected resources");
                        });

         c.OperationFilter<AssignOAuth2SecurityRequirements>();

AssignOAuth2SecurityRequirements.cs

internal class AssignOAuth2SecurityRequirements : IOperationFilter
    {
        public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
        {
            var authorizeAttributes = apiDescription.ActionDescriptor.GetCustomAttributes<AuthorizeAttribute>();

            if (!authorizeAttributes.Any())
                return;

            if (operation.security == null)
                operation.security = new List<IDictionary<string, IEnumerable<string>>>();

            var oAuthRequirements = new Dictionary<string, IEnumerable<string>>
            {
                { "oauth2", Enumerable.Empty<string>() }
            };

            operation.security.Add(oAuthRequirements);

        }
    }

index.html

<script>
window.onload = function() {

  // Build a system
  const ui = SwaggerUIBundle({
      url: "http://localhost:17527/swagger/docs/v1",
    dom_id: '#swagger-ui',
    deepLinking: true,
    presets: [
      SwaggerUIBundle.presets.apis,
      SwaggerUIStandalonePreset
    ],
    plugins: [
      SwaggerUIBundle.plugins.DownloadUrl
    ],
    layout: "StandaloneLayout"
  })

  window.ui = ui
}
</script>

从APP页面授权/Token请求.

Upon authorizing the /Token request from APP page.

但是当我尝试访问 values 端点时，它会引发错误.

But when I try to access values endpoint it throws an error.

其原因是请求缺少应该在标头中的承载令牌

and the reason for that is the request is missing the Bearer Token that should go in headers

我已经尝试了几个解决方案，但无法解决.

I have already tried few solutions but was not able to resolve it.

提前致谢.

推荐答案

我最近也试过这个，你必须把 [Authorize] 属性放在方法级别而不是控制器级别然后它会工作并在每个请求.

I have also tried this recently,you have to put [Authorize] attribute in method level but not at controller level then it will works and sends Bearer token in each request.

这篇关于Swagger UI - Oauth 密码流，检索令牌并将其添加到授权请求的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！