For what it's worth, I am in the same situation, or nearly so. We use IdentityServer3 in a C# ASP.NET environment with an X.509 client certificate (https://someUrl/connect/token). I can always get a token with Google's Postman. With Swagger configured to use ApiKey, you can cut-and-paste the Postman-Token just one time into Swagger-UI to satisfy Authentication/Authorization requirements on all your controllers. With the OAuth2 configuration, each controller/function with an [Authorize] requirement will present its own credential-entry-dialog. That is 'letter-of-the-law' correct, I suppose, but not especially friendly to the interactive user. So, the research will continue...

On Saturday, March 25, 2017 at 3:29:28 PM UTC-4, time...@gmail.com wrote:
>
> Hello,
>
> I have been trying Swagger for a couple of days, and have been having some trouble
> understanding and implementing it.
> At first I thought it supports OAuth flows, but it seems a user has to
> extend the existing index page and implement it on his own.
>
> I want to ask, for what purpose is this configuration declared in the Swagger
> config:
>
>> .EnableSwagger("docs/{apiVersion}/help", c =>
>> {
>>     c.SingleApiVersion("v1", "API ussage");
>>
>>     var baseDirectory = AppDomain.CurrentDomain.BaseDirectory;
>>     var fileName = Assembly
>>         .GetExecutingAssembly()
>>         .GetName()
>>         .Name + ".XML";
>>     var commentsFile = Path.Combine(baseDirectory, "bin", fileName);
>>
>>     c.IncludeXmlComments(commentsFile);
>>
>>     c.OAuth2("oauth2")
>>         .Description("client credentials grant flow")
>>         .Flow("application")
>>         .Scopes(scopes => scopes.Add("someScope", "try out the sample api"))
>>         .TokenUrl("http://....../identity/connect/token");
>>
>>     c.OperationFilter<AssignOAuth2SecurityRequirements>();
>> })
>> .EnableSwaggerUi("help/{*assetPath}", c =>
>> {
>>     c.DisableValidator();
>>     c.DocExpansion(DocExpansion.List);
>>     c.EnableOAuth2Support("client", "secret", "", "someScope");
>> });
>
> and AssignOAuth2SecurityRequirements
>
>> public class AssignOAuth2SecurityRequirements : IOperationFilter
>> {
>>     public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
>>     {
>>         // All methods are secured by default,
>>         // unless explicitly specifying an AllowAnonymous attribute.
>>         if (apiDescription != null)
>>         {
>>             var actFilters = apiDescription.ActionDescriptor.GetFilterPipeline();
>>             var allowsAnonymous = actFilters.Select(f => f.Instance).OfType<OverrideAuthorizationAttribute>().Any();
>>             if (allowsAnonymous)
>>                 return;
>>         }
>>
>>         if (operation.security == null)
>>             operation.security = new List<IDictionary<string, IEnumerable<string>>>();
>>
>>         var oAuthRequirements = new Dictionary<string, IEnumerable<string>>
>>         {
>>             {"oauth2", Enumerable.Empty<string>()}
>>         };
>>
>>         operation.security.Add(oAuthRequirements);
>>     }
>> }
>
> Why would I need such configuration? It does not seem to work on the
> simplest OAuth client credential flow.
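
The ApiKey-style setup mentioned in the reply, sketched as an added example (not code from either poster or from the Swashbuckle project): the Authorization header is declared as an apiKey scheme, so a token obtained elsewhere is pasted once and no client secret appears in the UI configuration. It assumes Swashbuckle 5.x on ASP.NET Web API 2; the class names, the "bearerToken" scheme name and the "Sample API" title are hypothetical.

```csharp
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Web.Http.Description;
using Swashbuckle.Application;
using Swashbuckle.Swagger;

public static class SwaggerApiKeyConfig // hypothetical name
{
    public static void Register(HttpConfiguration config)
    {
        config
            .EnableSwagger(c =>
            {
                c.SingleApiVersion("v1", "Sample API");
                // Describe the Authorization header as an apiKey scheme. The value
                // typed into the UI key box ("Bearer <token>") is sent on each call.
                c.ApiKey("bearerToken") // scheme name chosen for this example
                    .Description("Paste: Bearer <access token>")
                    .Name("Authorization")
                    .In("header");
                c.OperationFilter<AssignBearerRequirement>();
            })
            .EnableSwaggerUi(c => c.EnableApiKeySupport("Authorization", "header"));
    }
}

public class AssignBearerRequirement : IOperationFilter // hypothetical name
{
    public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
    {
        // Skip operations explicitly opened up with [AllowAnonymous] on the
        // action or on its controller; everything else requires the header.
        var action = apiDescription.ActionDescriptor;
        bool anonymous =
            action.GetCustomAttributes<AllowAnonymousAttribute>().Any() ||
            action.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
        if (anonymous)
            return;

        if (operation.security == null)
            operation.security = new List<IDictionary<string, IEnumerable<string>>>();

        // The key must match the scheme name passed to c.ApiKey(...) above.
        operation.security.Add(new Dictionary<string, IEnumerable<string>>
        {
            { "bearerToken", Enumerable.Empty<string>() }
        });
    }
}
```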