How swagger authentication works?
Hi I have developed swagger UI for my .net core web application. I have added authentication to it. I have registered two applications in my Azure AD. One for Swagger and one for Back end .Net core app. Below is my code.
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" });
c.AddSecurityDefinition("oauth2", new OAuth2Scheme
{
Type = "oauth2",
Flow = "implicit",
AuthorizationUrl = swaggerUIOptions.AuthorizationUrl,
TokenUrl = swaggerUIOptions.TokenUrl
});
c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
{ "oauth2", new[] { "readAccess", "writeAccess" } }
});
});
In the above code I am indicating type and flow. Also specifying AuthorizationUrl and token url. When coming to scopes, If I add scopes then that means my Swagger has access to added scopes or my back end api has access to those scopes? Then I have below code.
c.OAuthClientId(swaggerUIOptions.ClientId);
c.OAuthClientSecret(swaggerUIOptions.ClientSecret);
c.OAuthRealm(azureActiveDirectoryOptions.ClientId);
c.OAuthAppName("Swagger");
c.OAuthAdditionalQueryStringParams(new { resource = azureActiveDirectoryOptions.ClientId });
c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
When we develop swagger, We are getting access token for swagger app or back end app? Also I have c.OAuthRealm and passing my back end app client id. What this line of code do actually? Also when I add [Authorize] attribute in top of my API and then If i try to hit api directly It will not work. It will work only after authentication. So how Authorize attribute works exactly? Can someone help me to understand these things? Any help would be appreciated. Thanks
Regarding how to configure Swagger to authenticate against Azure AD, please refer to the following steps
Configure Azure AD for your web API. For more details, please refer to the document
a. Create Azure AD web api application
b. Expose API
c. Configure code
- config file
"AzureAd": {
"Instance": "https://login.microsoftonline.com/",
"ClientId": "[Client_id-of-web-api-eg-2ec40e65-ba09-4853-bcde-bcb60029e596]",
"TenantId": "<your tenant id>"
},
- Add following code in the Stratup.cs
services.AddAuthentication(AzureADDefaults.BearerAuthenticationScheme)
.AddAzureADBearer(options => Configuration.Bind("AzureAd", options));
Configure swagger. For more details, please refer to the blog.
a. Create Azure Web application
b. Configure API permissions. Regarding how to configure, you can refer to the document
c. code
- Install SDK
<PackageReference Include="Swashbuckle.AspNetCore" Version="4.0.1" />- Add the following code to Startup.cs in the ConfigureServices method:
services.AddSwaggerGen(c => { c.SwaggerDoc("v1", new Info { Title = "My API", Version = "v1" }); c.AddSecurityDefinition("oauth2", new OAuth2Scheme { Type = "oauth2", Flow = "implicit", AuthorizationUrl = $"https://login.microsoftonline.com/{Configuration["AzureAD:TenantId"]}/oauth2/authorize", Scopes = new Dictionary<string, string> { { "user_impersonation", "Access API" } } }); c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>> { { "oauth2", new[] { "user_impersonation" } } }); });- Add the following code to the Configure method:
app.UseSwagger(); app.UseSwaggerUI(c => { c.OAuthClientId(Configuration["Swagger:ClientId"]); c.OAuthClientSecret(Configuration["Swagger:ClientSecret"]); c.OAuthRealm(Configuration["AzureAD:ClientId"]); c.OAuthAppName("My API V1"); c.OAuthScopeSeparator(" "); c.OAuthAdditionalQueryStringParams(new { resource = Configuration["AzureAD:ClientId"] }); c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1"); });
- Ruby's Net::SSH is limited to 3 authentication tries while OpenSSH client is not
- Cakephp: choose which data to save after login
- How do I make it to where my login will accept either an email or username in the username field
- How to set a cookie in client side in NextJS 13?
- How can I authenticate user token in Angular Guard if I am using Http-Only?
- How to override sfDoctrineGuard validators in order to allow login based on credentials
- Azure "easy auth" OpenID Connect scope
- problems with custom authentication provider in spring boot 3.3.0
- What If Session Expires While User Is Still On The Website
- Remix run: Authentication succeeds on validation failures
- WMS service basic authentication
- How to manage user claims?
- How to get the popup menu to select user certificate in Tomcat 10 server?
- Enable password and unix_socket authentication for MariaDB root user?
- How to consume from an eventsource API requiring auth headers?
- How to display an Error message when logging in fails in Reactjs
- Notify navbar of authenticated status when logged in (Angular)
- Proper way to store a token retrieved client-side in nextjs 13 "App Router" version?
- Signout and login not working in auth.js in Next14 with middleware and server actions
- Laravel: Auth::user()->id trying to get a property of a non-object
- 404 page not found when running firebase deploy
- .NET 8 Blazor Server - role authorization with Windows Authentication
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- Symfony2: How to change Entity Manager just before doing login_check
- JWT signature verification failing
- SMAppService register() - How to detect launch at startup/login vs regular launch?
- AppwriteException: User (role: guest) missing scope (account), not able to get account after creating a session
- authMiddleware doesn't exist after installing clerk
- Stop request in CookieAuthenticationEvents.OnValidatePrincipal after response body has been written to
- Blazor Hosted WebAssembly with Keycloak and Basic Authentication Issue