Swagger是否可以从URL查询字符串获取授权令牌? [英] Is it possible for Swagger to get the authorization token from URL query string?
问题描述
在.NET Core项目中,我添加了一个安全定义(底部的代码),该定义向页面添加了Authorize按钮,用户可以输入api密钥-一切正常。
In a .NET Core project, I add a security definition (code at the bottom), which adds an Authorize button to the page and the user can enter the api key - everything works fine.
是否可以在URL中指定api密钥,以便Swagger自动使用该密钥而不需要输入它?像 /swagger/index.html?authorization=0123456789 之类的东西。
Is it possible to specify the api key in the URL so that Swagger automatically uses that instead of having to enter it? Like /swagger/index.html?authorization=0123456789 or something to that effect.
现有代码:
services.AddSwaggerGen(c => {
...
c.AddSecurityDefinition("api key", new ApiKeyScheme() {
Description = "Authorization query string expects API key",
In = "query",
Name = "authorization",
Type = "apiKey"
});
var requirements = new Dictionary<string, IEnumerable<string>> {
{ "api key", new List<string>().AsEnumerable() }
};
c.AddSecurityRequirement(requirements);
});
似乎带有 authorization 参数的URL应该
Seems like the URL with authorization parameter should work, but it doesn't.
PS使用Swashbuckle 4.0.x
P.S. Using Swashbuckle 4.0.x
推荐答案
确实可以,但是您将不得不覆盖Swagger-UI的索引页,以便插入您的自定义处理程序进入 onComplete 回调。
It is indeed possible, but you will have to override Swagger-UI's index page so you can plug your custom handler into onComplete callback.
- 从获取最新的index.html href = https://github.com/domaindrivendev/Swashbuckle.AspNetCore/blob/master/src/Swashbuckle.AspNetCore.SwaggerUI/index.html rel = nofollow noreferrer> Swashbuckle的源存储库(理想情况下,获取匹配的版本)
- 调整
configObject以添加OnComplete回调处理程序因此它将调用当UI就绪时,preauthorizeApiKey - 在
中覆盖用于自定义html的扩展方法IndexStreamUserSwaggerUI
- Grab latest index.html from Swashbuckle's source repo (ideally, get the matching version)
- Tweak
configObjectto add anOnCompletecallback handler so it will callpreauthorizeApiKeywhen the UI is ready - Override
IndexStreaminUserSwaggerUIextension method to serve the custom html
我最终进行了以下设置(省略了一些内容)为简洁):
I ended up having the following setup (some bits are omitted for brevity):
<!-- your standard HTML here, nothing special -->
<script>
// some boilerplate initialisation
// Begin Swagger UI call region
configObject.onComplete = () => {
// get the authorization portion of the query string
var urlParams = new URLSearchParams(window.location.search);
if (urlParams.has('authorization')) {
var apikey = urlParams.get('authorization');
// this is the important bit, see documentation
ui.preauthorizeApiKey('api key', apikey );// key name must match the one you defined in AddSecurityDefinition method in Startup.cs
}
}
const ui = SwaggerUIBundle(configObject);
window.ui = ui
}
</script>
Startup.cs
Startup.cs
public void ConfigureServices(IServiceCollection services)
{
.........
services.AddSwaggerGen(c => {
c.SwaggerDoc("v1", new Info { Title = "You api title", Version = "v1" });
c.AddSecurityDefinition("api key", new ApiKeyScheme() // key name must match the one you supply to preauthorizeApiKey call in JS
{
Description = "Authorization query string expects API key",
In = "query",
Name = "authorization",
Type = "apiKey"
});
var requirements = new Dictionary<string, IEnumerable<string>> {
{ "api key", new List<string>().AsEnumerable() }
};
c.AddSecurityRequirement(requirements);
});
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseSwagger();
app.UseSwaggerUI(c =>
{
c.IndexStream = () => File.OpenRead("wwwroot/swashbuckle.html"); // this is the important bit. see documentation https://github.com/domaindrivendev/Swashbuckle.AspNetCore/blob/master/README.md
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1"); // very standard Swashbuckle init
});
app.UseMvc();
}
完成所有操作后,使用?authorization调用标准的swagger URL = 1234567890应该会自动授权页面。
After you've done all that, calling the standard swagger URL with ?authorization=1234567890 should automatically authorize the page.
这篇关于Swagger是否可以从URL查询字符串获取授权令牌?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
