Hello,
I been trying for couple days swagger, and have been having some trouble
understanding and implementing it.
At first i thought it supports OAuth flows, but it seems a user have to
extend existing index page and implement on his own.
I want to ask, for what purpose this configuration is declared in swagger
config:
.EnableSwagger("docs/{apiVersion}/help", c =>
>
> {
>
> c.SingleApiVersion("v1", "API ussage");
>
>
>> var baseDirectory =
>> AppDomain.CurrentDomain.BaseDirectory;
>
> var fileName = Assembly
>
> .GetExecutingAssembly()
>
> .GetName()
>
> .Name + ".XML";
>
> var commentsFile = Path.Combine(baseDirectory,
>> "bin", fileName);
>
>
>> c.IncludeXmlComments(commentsFile);
>
>
>> c.OAuth2("oauth2")
>
> .Description("client credentials grant flow")
>
> .Flow("application")
>
> .Scopes(scopes => scopes.Add("someScope", "try
>> out the sample api"))
>
>
>> .TokenUrl("http://....../identity/connect/token";);
>
>
>>
>> c.OperationFilter<AssignOAuth2SecurityRequirements>();
>
> })
>
>
>
> .EnableSwaggerUi("help/{*assetPath}", c =>
>
> {
>
> c.DisableValidator();
>
> c.DocExpansion(DocExpansion.List);
>
> c.EnableOAuth2Support("client", "secret", "",
>> "someScope");
>>
> });
>
>
and AssignOAuth2SecurityRequirements
public class AssignOAuth2SecurityRequirements : IOperationFilter
>
> {
>
> public void Apply(Operation operation, SchemaRegistry
>> schemaRegistry, ApiDescription apiDescription)
>
> {
>
> //All methods are secured by default,
>
> //unless explicitly specifying an AllowAnonymous attribute.
>
> if (apiDescription != null)
>
> {
>
> var actFilters =
>> apiDescription.ActionDescriptor.GetFilterPipeline();
>
> var allowsAnonymous = actFilters.Select(f =>
>> f.Instance).OfType<OverrideAuthorizationAttribute>().Any();
>
> if (allowsAnonymous)
>
> return;
>
> }
>
>
>>
>> if (operation.security == null)
>
> operation.security = new List<IDictionary<string,
>> IEnumerable<string>>>();
>
>
>> var oAuthRequirements = new Dictionary<string,
>> IEnumerable<string>>
>
> {
>
> {"oauth2", Enumerable.Empty<string>()}
>
> };
>
>
>> operation.security.Add(oAuthRequirements);
>
> }
>
> }
>
>
>
> }
>
>
Why would i need such configuration? It does not seem to work, on simpliest
OAuth client credential flow.
--
You received this message because you are subscribed to the Google Groups
"Swagger" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
