I have enabled an OAuth security scheme in my Swagger configuration, and the UI
shows the Authorize option, but even if I don't authorize, the API methods are
exposed and the values can be seen.
The configuration is:
// Registers Swagger document generation: a "v1" document, an "oauth2"
// (implicit flow) security definition, and an operation filter.
//
// These calls only add metadata to the generated swagger.json; that metadata
// is what makes the UI show an Authorize button. Nothing here makes the API
// reject unauthenticated requests. Enforcement is a separate concern:
// authentication has to be registered and placed in the request pipeline
// (e.g. services.AddAuthentication(...) with a bearer-token handler and
// app.UseAuthentication()), and the controllers or actions need [Authorize]
// or an equivalent global policy. None of that is visible in this snippet.
services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title =
"Billing Api,Title for your Api", Version = "v1" } ); //
// NOTE(review): the "//" closing the line above and the "//" two lines below
// suggest this API-key definition was commented out before the mail client
// re-wrapped the text; as wrapped here it reads as live code. Confirm.
c.AddSecurityDefinition("API Key", new ApiKeyScheme() { Description = "API
Key Authentication", Name = "api-key", In = "header", Type = "string" });
// c.OperationFilter<SecurityRequirementsOperationFilter>();
// OAuth2 implicit-grant definition. "tenantid" in both URLs looks like a
// placeholder for the real Azure AD tenant; confirm. The implicit flow
// obtains its token from the authorization endpoint, so TokenUrl is
// presumably unused for this flow.
c.AddSecurityDefinition("oauth2", new OAuth2Scheme { Type = "oauth2",
Description = "OAuth2 Implicit Grant", Flow = "implicit", AuthorizationUrl
= "https://login.windows.net/tenantid/oauth2/authorize", TokenUrl =
"https://login.microsoftonline.com/tenantid/oauth2/token", Scopes = new
Dictionary<string, string> { {"read" , "Access app" } } });
// Adds the "oauth2" requirement to the documented operations (see the filter
// class); this is documentation only, not an access check.
c.OperationFilter<SecurityRequirementsOperationFilter>();
}
// NOTE(review): the closing ");" of the AddSwaggerGen call is not part of the
// pasted snippet.
// Serves the Swagger UI under /swagger/ui and pre-fills its OAuth2 dialog.
// This configures the documentation page only; it does not protect the API
// endpoints themselves.
app.UseSwaggerUI(c =>
{
    c.RoutePrefix = "swagger/ui";
    c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");

    // Extra query-string parameter sent with the authorization request.
    var extraQueryParams = new Dictionary<string, string>
    {
        ["resource"] = "clientid"
    };

    // NOTE(review): values passed here are rendered into the Swagger UI page
    // and are therefore readable by anyone who can load it. The implicit flow
    // does not use a client secret, so a real secret should not be supplied
    // in this call; confirm "clientsecret" is only a placeholder.
    // Presumably the positional arguments are client id, client secret,
    // realm, app name and scope separator; verify against the Swashbuckle
    // version in use.
    c.ConfigureOAuth2(
        "client id",
        "clientsecret",
        "https://localhost:44369/api/Values",
        "apiswaggerazure",
        " ",
        extraQueryParams);
});
/// <summary>
/// Swagger operation filter that attaches an "oauth2" security requirement,
/// with an empty scope list, to every operation it is applied to.
/// </summary>
/// <remarks>
/// The requirement is added unconditionally: the filter does not check
/// whether the action carries an authorization attribute. It changes only
/// the generated Swagger document (what the UI displays and which token it
/// sends); it performs no access check. Rejecting unauthenticated calls has
/// to be done by the API's own authentication and authorization setup.
/// </remarks>
public class SecurityRequirementsOperationFilter : IOperationFilter
{
    // Stored by the constructor; not read anywhere in this class.
    private readonly IOptions<AuthorizationOptions> authorizationOptions;

    /// <summary>Creates the filter.</summary>
    /// <param name="authorizationOptions">Authorization options supplied by dependency injection.</param>
    public SecurityRequirementsOperationFilter(IOptions<AuthorizationOptions> authorizationOptions)
    {
        this.authorizationOptions = authorizationOptions;
    }

    /// <summary>
    /// Appends the "oauth2" requirement to <paramref name="operation"/>,
    /// creating its security list first when it is null.
    /// </summary>
    /// <param name="operation">The operation description being generated.</param>
    /// <param name="context">Filter context; not used by this implementation.</param>
    public void Apply(Operation operation, OperationFilterContext context)
    {
        var requirements = operation.Security;
        if (requirements == null)
        {
            requirements = new List<IDictionary<string, IEnumerable<string>>>();
            operation.Security = requirements;
        }

        // The key must match the name given to AddSecurityDefinition ("oauth2").
        requirements.Add(new Dictionary<string, IEnumerable<string>>
        {
            ["oauth2"] = Enumerable.Empty<string>()
        });
    }
}