[英]How do I configure SwaggerGen with OpenIddict parameters for client credentials grant?
我試圖弄清楚如何配置 SwaggerGen 來填充/顯示 OpenIddict 和客戶端憑據授予的字段/參數。
services.AddDbContext<AppDbContext>(options =>
{
options.UseSqlServer(Configuration.GetConnectionString("DefaultConnection"));
options.UseOpenIddict();
});
services.AddOpenIddict()
.AddCore(options =>
{
// Configure OpenIddict to use the Entity Framework Core stores and models.
// Note: call ReplaceDefaultEntities() to replace the default entities.
options.UseEntityFrameworkCore().UseDbContext<AppDbContext>();
})
.AddServer(options =>
{
// Enable the token endpoint.
options.SetTokenEndpointUris("/connect/token");
// Enable the client credentials flow.
options.AllowClientCredentialsFlow();
// Register the signing and encryption credentials.
options.AddDevelopmentEncryptionCertificate()
.AddDevelopmentSigningCertificate();
// Register the ASP.NET Core host and configure the ASP.NET Core options.
options.UseAspNetCore()
.EnableTokenEndpointPassthrough();
})
.AddValidation(options =>
{
// Import the configuration from the local OpenIddict server instance.
options.UseLocalServer();
// Register the ASP.NET Core host.
options.UseAspNetCore();
});
services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new OpenApiInfo { Title = "PCM", Version = "v1" });
options.AddSecurityDefinition("Authentication", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OpenIdConnect,
Description = "Description",
In = ParameterLocation.Header,
Name = "Notsure",
Flows = new OpenApiOAuthFlows
{
ClientCredentials = new OpenApiOAuthFlow
{
AuthorizationUrl = new Uri("/connect/token", UriKind.Relative),
TokenUrl = new Uri("/connect/token", UriKind.Relative),
Scopes = new Dictionary<string, string>()
{
}
}
},
OpenIdConnectUrl = new Uri("/connect/authorize", UriKind.Relative)
});
});
它顯示授權按鈕,但當我單擊它時,它會打開一個空模式,如下圖所示:
感謝任何可以向我指出一些文檔的人,這些文檔可以解釋我需要在services.AddSwaggerGen()中配置什么來進行配置,這樣我們就可以通過 Swagger 生成的交互式文檔輕松測試我們的 API。
在定義OpenApiSecurityScheme時,您需要指定更多選項。
您可以通過以下方式進行設置:
TokenUrl 。 客戶端憑據流適用於/token端點,因此我們必須為其提供正確的 URL。 這里我使用了 IdentityServer 的演示服務器Bearer方案的Authorization標頭中發送。public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddSwaggerGen(
c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "ApiPlayground", Version = "v1" });
c.AddSecurityDefinition(
"oauth",
new OpenApiSecurityScheme
{
Flows = new OpenApiOAuthFlows
{
ClientCredentials = new OpenApiOAuthFlow
{
Scopes = new Dictionary<string, string>
{
["api"] = "api scope description"
},
TokenUrl = new Uri("https://demo.identityserver.io/connect/token"),
},
},
In = ParameterLocation.Header,
Name = HeaderNames.Authorization,
Type = SecuritySchemeType.OAuth2
}
);
c.AddSecurityRequirement(
new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{ Type = ReferenceType.SecurityScheme, Id = "oauth" },
},
new[] { "api" }
}
}
);
}
);
}
這是所有設置后的外觀:
身份驗證后,它會填充令牌:
現在我們可以發送請求,Swagger UI 如我們所期望的那樣在標頭中包含令牌:
最后,我們可以使用一些默認值預填充 auth 對話框:
在我們設置 Swagger UI 的Startup:Configure方法中,我們可以指定客戶端 id + secret(這違背了目的,但在本地開發中可能會被證明是有用的)
app.UseSwaggerUI(c => {
c.SwaggerEndpoint("/swagger/v1/swagger.json", "ApiPlayground v1");
c.OAuthClientId("m2m");
c.OAuthClientSecret("secret");
});
您需要配置 swagger 來發現 OpenIddict 配置。 請參閱下面的代碼示例:
services.AddSwaggerGen(options =>
{
options.SwaggerDoc("v1", new OpenApiInfo { Title = "PCM", Version = "v1" });
options.AddSecurityDefinition("Authentication", new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OpenIdConnect,
Description = "Description",
In = ParameterLocation.Header,
Name = HeaderNames.Authorization,
Flows = new OpenApiOAuthFlows
{
ClientCredentials = new OpenApiOAuthFlow
{
AuthorizationUrl = new Uri("/connect/token", UriKind.Relative),
TokenUrl = new Uri("/connect/token", UriKind.Relative)
}
},
OpenIdConnectUrl = new Uri("/.well-known/openid-configuration", UriKind.Relative)
});
options.AddSecurityRequirement(
new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{ Type = ReferenceType.SecurityScheme, Id = "oauth" },
},
Array.Empty<string>()
}
}
);
});
如何在 angular http 請求中實現 client_credentials 授權類型?
[英]How to implement a client_credentials grant type in an angular http request?
如何使用 AD FS 2019 + MSAL 傳遞聲明,使用 OAuth 2.0 客戶端憑據授予類型
[英]How to pass though claims with AD FS 2019 + MSAL, using OAuth 2.0 client credentials grant type
c#(rest服務)如何設置grant_type為key,value為client_credentials
[英]How to set grant_type as key and value as client_credentials in c# (rest service)
在C#WebAPI中,如何配置CORS以允許具有憑據和JSON內容的POST請求?
[英]In C# WebAPI, how do I configure CORS to allow a POST request with credentials and json content?
如何在 postman 中使用授權類型客戶端憑據或谷歌驅動器密碼獲取訪問令牌
[英]how to get access token using grant type client credentials or password for google drive in postman
如何使用參數配置mvc core 2依賴項注入,其中參數之一是依賴項?
[英]How do I configure mvc core 2 dependency injection with parameters, where one of the parameters is a dependency?
使用openiddict時如何避免使用Microsoft的Microsoft.AspNet.Identity包
[英]How do I avoid using Microsofts's Microsoft.AspNet.Identity package when using openiddict
如何將用戶名/密碼憑據從php客戶端傳遞到自托管的wcf服務?
[英]How do I pass username/password credentials from php client to self-hosted wcf service?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.