Oauth 2.0 如何设置Swashback.AspNetCore和Oauth2
我在想我哪里出错了Oauth 2.0 如何设置Swashback.AspNetCore和Oauth2,oauth-2.0,asp.net-core-mvc,swagger,swagger-ui,swashbuckle,Oauth 2.0,Asp.net Core Mvc,Swagger,Swagger Ui,Swashbuckle,我在想我哪里出错了 services.AddSwaggerGen(options => { options.SwaggerDoc("v1", new Info { Title = "MySite API", Version = "v1" }); options.OperationFilter<AuthorizeCheckOperationFilter>(); options.OperationFilter<AddSwaggerHeadersOper
services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new Info { Title = "MySite API", Version = "v1" });
options.OperationFilter<AuthorizeCheckOperationFilter>();
options.OperationFilter<AddSwaggerHeadersOperationFilter>();
options.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Type = "oauth2",
Flow = "implicit",
AuthorizationUrl = "authorization url",
TokenUrl = "token url",
Scopes = new Dictionary<string, string>()
{
{ "scope", "Scope" }
}
});
});
//Configure Method
app.UseSwagger();
app.UseSwaggerUI(options =>
{
options.SwaggerEndpoint("/swagger/v1/swagger.json", "MySite API V1");
options.OAuthClientId("MyClientId");
options.OAuthAppName("Swagger Api Calls");
//c.RoutePrefix = string.Empty;
});
//AuthorizeCheckOperationFilter
internal class AuthorizeCheckOperationFilter : IOperationFilter
{
public void Apply(Operation operation, OperationFilterContext context)
{
if (context.ApiDescription.TryGetMethodInfo(out var methodInfo))
{
var attributes = methodInfo.DeclaringType.GetTypeInfo().GetCustomAttributes(true);
if (attributes.OfType<AuthorizeAttribute>().Any())
{
operation.Responses.Add("401", new Response { Description = "Unauthorized" });
operation.Responses.Add("403", new Response { Description = "Forbidden" });
operation.Security = new List<IDictionary<string, IEnumerable<string>>>();
operation.Security.Add(new Dictionary<string, IEnumerable<string>>
{
{ "oauth2", new [] { "api1" } }
});
}
}
}
}
//Extra field
internal class AddSwaggerHeadersOperationFilter : IOperationFilter
{
public void Apply(Operation operation, OperationFilterContext context)
{
if (operation.Parameters == null)
operation.Parameters = new List<IParameter>();
operation.Parameters.Add(new NonBodyParameter
{
Name = "SomeField",
In = "header",
Type = "string",
Required = true,
Default = "some value"
});
}
}
services.AddSwaggerGen(选项=>
{
options.SwaggerDoc(“v1”,新信息{Title=“mysiteapi”,Version=“v1”});
options.OperationFilter();
options.OperationFilter();
options.AddSecurityDefinition(“oauth2”,新的OAuth2Scheme
{
Type=“oauth2”,
Flow=“隐式”,
AuthorizationUrl=“授权url”,
TokenUrl=“TokenUrl”,
范围=新字典()
{
{“范围”,“范围”}
}
});
});
//配置方法
app.UseSwagger();
app.UseSwaggerUI(选项=>
{
options.SwaggerEndpoint(“/swagger/v1/swagger.json”,“MySite API v1”);
选项:OAuthClientId(“MyClientId”);
options.OAuthAppName(“Swagger Api调用”);
//c、 RoutePrefix=string.Empty;
});
//授权检查操作过滤器
内部类AuthorizeCheckOperationFilter:IOperationFilter
{
公共无效应用(操作,操作筛选器上下文)
{
if(context.apiscription.TryGetMethodInfo(out-var-methodInfo))
{
var attributes=methodInfo.DeclaringType.GetTypeInfo().GetCustomAttributes(true);
if(attributes.OfType().Any())
{
Add(“401”,新响应{Description=“Unauthorized”});
Add(“403”,新响应{Description=“probled”});
operation.Security=newlist();
操作.Security.Add(新字典)
{
{“oauth2”,新[]{“api1”}
});
}
}
}
}
//外场
内部类AddSwiggerHeaderOperationFilter:IOperationFilter
{
公共无效应用(操作,操作筛选器上下文)
{
if(operation.Parameters==null)
operation.Parameters=newlist();
operation.Parameters.Add(新的非主体参数
{
Name=“SomeField”,
In=“header”,
Type=“string”,
必需=真,
Default=“某些值”
});
}
}
现在,当我打开swagger页面时,我会点击授权按钮,当我在那里填写详细信息时,我会被重定向到我的身份网站,该网站会让我登录并重定向回swagger。然后大摇大摆地说,一切都很好
然后我尝试使用一个API,它要求传递承载令牌,但它不传递。我在标题中没有看到它,根据我在身份网站上的日志,没有传递任何信息
知道为什么或者如何解决这个问题吗?我使用的是Swashback.AspNetCore 4.1软件包。您可以添加
文档过滤器
:
public class SecurityRequirementsDocumentFilter : IDocumentFilter
{
public void Apply(SwaggerDocument document, DocumentFilterContext context)
{
document.Security = new List<IDictionary<string, IEnumerable<string>>>()
{
new Dictionary<string, IEnumerable<string>>()
{
{ "oauth2", new string[]{ "openid", "profile", "email" } },
}
};
}
}
参考:
我使用您的代码示例进行了测试,它按预期工作:
这已经奏效了。看,我以为我的操作过滤器应该这样做。我是否应该将逻辑从操作筛选器移动到文档?
options.DocumentFilter<SecurityRequirementsDocumentFilter>();