Integrating the OAuth implicit flow into Swagger UI

Add references

Swashbuckle.AspNetCore

IdentityServer4.AccessTokenValidation

Prepare the IdentityServer4 client and Api Resources configuration in advance.
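The IdentityServer4 side that this step refers to could look like the following. This is an added example, not code from the original post. It reuses the `swaggerui` client id and the `Api` API name from the Startup code on this page; the `SwaggerHost` URL, the `Config` class name, and the token lifetime are assumptions.

```csharp
using System.Collections.Generic;
using IdentityServer4.Models;

// Added example: in-memory IdentityServer4 configuration for the Swagger UI client.
// Registered on the IdentityServer host with
// AddInMemoryApiResources(Config.GetApiResources()) and AddInMemoryClients(Config.GetClients()).
public static class Config
{
    // Assumption: base URL where the API and its Swagger UI are served.
    private const string SwaggerHost = "http://localhost:5000";

    public static IEnumerable<ApiResource> GetApiResources() =>
        new List<ApiResource>
        {
            // The name must equal options.ApiName ("Api") in the API's Startup.
            // IdentityServer4 also creates a scope with the same name.
            new ApiResource("Api", "Test Service API")
        };

    public static IEnumerable<Client> GetClients() =>
        new List<Client>
        {
            new Client
            {
                ClientId = "swaggerui",                  // options.OAuthClientId("swaggerui")
                ClientName = "Test Service Swagger Ui",
                AllowedGrantTypes = GrantTypes.Implicit, // matches Flow = "implicit"

                // Implicit flow returns the access token in the URL fragment,
                // so the client must be allowed to receive tokens via the browser.
                AllowAccessTokensViaBrowser = true,

                // Exact-match redirect to the page Swagger UI ships for OAuth2.
                // Register only the hosts that really serve Swagger UI.
                RedirectUris = { SwaggerHost + "/swagger/oauth2-redirect.html" },

                // Only the API scope; no identity scopes for a docs client.
                AllowedScopes = { "Api" },

                // Assumption: 15 minutes, kept short because the token is
                // exposed to the browser.
                AccessTokenLifetime = 900
            }
        };
}
```

The scope key passed in the `Scopes` dictionary of `AddSecurityDefinition` has to be one of the client's `AllowedScopes` (`Api` here), otherwise the authorize request is rejected.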

In Startup, configure Authentication for the Api Resources and the Swagger UI client.

public void ConfigureServices(IServiceCollection services)
{
    services.AddMvc(option =>
        {
            option.Filters.Add(typeof(ActionFilter));
            option.Filters.Add(typeof(ExceptionFilter));
        })
        .SetCompatibilityVersion(CompatibilityVersion.Version_2_2);

    string youAuthority = "http://127.0.0.1";

    // Validate incoming bearer tokens against IdentityServer4
    services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = youAuthority;
            options.ApiName = "Api";
            // Allows the discovery document to be fetched over plain HTTP,
            // needed here because the Authority above is an http:// address
            options.RequireHttpsMetadata = false;
        });

    services.AddSwaggerGen(options =>
    {
        options.SwaggerDoc("v1", new Info { Title = "Test Service API", Version = "v1" });
        options.DocInclusionPredicate((docName, description) => true);
        options.CustomSchemaIds(type => type.FullName);

        // Describe the OAuth2 implicit flow so Swagger UI shows an Authorize button
        options.AddSecurityDefinition("oauth2", new OAuth2Scheme
        {
            Type = "oauth2",
            Flow = "implicit",
            AuthorizationUrl = $"{youAuthority}/connect/authorize",
            TokenUrl = $"{youAuthority}/connect/token",
            Scopes = new Dictionary<string, string>()
            {
                { "scope", "定义的scope" } // the scope defined in Api Resources
            }
        });

        options.OperationFilter<AuthResponsesOperationFilter>();
    });
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    app.UseAuthentication();
    app.UseMiddleware<FirstMiddleware>();
    app.UseMvc();

    app.UseSwagger()
        .UseSwaggerUI(options =>
        {
            options.SwaggerEndpoint("/swagger/v1/swagger.json", "Test Service API");
            // Client that supports the implicit flow
            options.OAuthClientId("swaggerui");
            options.OAuthAppName("Test Service Swagger Ui");
        });
}

For methods that carry an authorization attribute, pass the token with the request and add the preset response statuses.

using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Swashbuckle.AspNetCore.Swagger;
using Swashbuckle.AspNetCore.SwaggerGen;

public class AuthResponsesOperationFilter : IOperationFilter
{
    public void Apply(Operation operation, OperationFilterContext context)
    {
        // When reflection finds an AuthorizeAttribute on the controller or action,
        // requests for this operation send the authorization: Bearer header
        var controllerScopes = context.ApiDescription.ControllerAttributes()
            .OfType<AuthorizeAttribute>()
            .Select(attr => attr.Policy);

        var actionScopes = context.MethodInfo
            .GetCustomAttributes(true)
            .OfType<AuthorizeAttribute>()
            .Select(attr => attr.Policy)
            .Distinct();

        var requiredScopes = controllerScopes.Union(actionScopes).Distinct();

        if (requiredScopes.Any())
        {
            operation.Responses.Add("401", new Response { Description = "Unauthorized" });
            operation.Responses.Add("403", new Response { Description = "Forbidden" });

            // Attach the "oauth2" security definition to this operation
            operation.Security = new List<IDictionary<string, IEnumerable<string>>>();
            operation.Security.Add(new Dictionary<string, IEnumerable<string>>
            {
                { "oauth2", requiredScopes }
            });
        }
    }
}

Add Authorize to the Action

[HttpGet("{id}")]
[Authorize]
public ActionResult<string> Get(int id)
{
    return "value";
}

Result

// The two newly added response statuses
operation.Responses.Add("401", new Response { Description = "Unauthorized" });
operation.Responses.Add("403", new Response { Description = "Forbidden" });

After logging in, requests carry the authorization: Bearer header.

Sample code

Swashbuckle.AspNetCore
