问题
I am trying to set up Swagger authentication against Okta, but I am getting this error:
invalid_scope","error_description":"Custom+scopes+are+not+allowed+for+this+request.
I am not sure how to resolve this issue.
Here is my setup code:
// Identifier of this API. The Swagger setup below uses Program.ResourceIdentifier (presumably this
// constant; confirm) as the OAuth2 scope name, so it is a custom scope rather than an OIDC scope.
public const string ResourceIdentifier = "id-gateway-api";
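/// <summary>
/// Configures Swagger generation: one document per discovered API version, XML comments,
/// enum rendering, and an OAuth2 security scheme (implicit flow) whose settings come from
/// the "OktaConfig" configuration section.
/// </summary>
/// <param name="options">The Swagger generator options to populate.</param>
public void Configure(SwaggerGenOptions options)
{
    foreach (var description in provider.ApiVersionDescriptions)
    {
        options.SwaggerDoc(description.GroupName, CreateInfoForApiVersion(description));
    }

    options.OrderActionsBy(apiDesc => apiDesc.RelativePath);
    options.IncludeXmlComments(Path.ChangeExtension(typeof(Startup).GetTypeInfo().Assembly.Location, "xml"));
    options.DescribeAllEnumsAsStrings();
    options.DescribeStringEnumsInCamelCase();

    // Lower-case local so it no longer shadows the OktaConfig type name.
    var oktaConfig = new OktaConfig();
    Configuration.GetSection("OktaConfig").Bind(oktaConfig);

    // NOTE(review): AuthorizationUrl must be the full authorize endpoint, not the bare Okta domain.
    // Okta's org authorization server (https://{yourOktaDomain}/oauth2/v1/authorize) only accepts
    // the built-in OIDC scopes, which matches the "Custom scopes are not allowed for this request"
    // error reported with this setup. A custom scope such as Program.ResourceIdentifier has to be
    // defined on, and requested from, a custom authorization server, e.g.
    // https://{yourOktaDomain}/oauth2/default/v1/authorize. Confirm what OktaConfig.OktaDomain holds.
    //
    // NOTE(review): the implicit flow returns the access token in the URL fragment. Prefer the
    // authorization code flow with PKCE for browser clients if the Okta application allows it.
    options.AddSecurityDefinition(
        "oauth2",
        new OpenApiSecurityScheme
        {
            Type = SecuritySchemeType.OAuth2,
            Flows = new OpenApiOAuthFlows
            {
                Implicit = new OpenApiOAuthFlow
                {
                    AuthorizationUrl = new Uri(oktaConfig.OktaDomain),
                    Scopes = new Dictionary<string, string>
                    {
                        { Program.ResourceIdentifier, Program.ApplicationName }
                    }
                }
            }
        });

    // The requirement lists only scopes declared in the scheme above. "oauth2" is the scheme id,
    // not a scope, so it does not belong in the required-scope list.
    options.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        {
            new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference
                {
                    Type = ReferenceType.SecurityScheme,
                    Id = "oauth2"
                }
            },
            new[] { Program.ResourceIdentifier }
        }
    });

    options.EnableAnnotations();
}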
Middleware setup
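/// <summary>
/// Registers the Swagger JSON middleware and the Swagger UI, adds one UI endpoint per
/// discovered API version, and pre-fills the UI's OAuth2 dialog from the "OktaConfig" section.
/// </summary>
/// <param name="app">The application pipeline to extend.</param>
/// <param name="provider">Supplies the API version descriptions to expose in the UI.</param>
/// <param name="Configuration">Application configuration containing the "OktaConfig" section.</param>
public static void UseSwaggerMiddleware(this IApplicationBuilder app, IApiVersionDescriptionProvider provider, IConfiguration Configuration)
{
    app.UseSwagger();

    var oktaConfig = new OktaConfig();
    Configuration.GetSection("OktaConfig").Bind(oktaConfig);

    // Enable middleware to serve swagger-ui (HTML, JS, CSS etc.), specifying the Swagger JSON endpoint.
    app.UseSwaggerUI(c =>
    {
        // Build a swagger endpoint for each discovered API version.
        foreach (var description in provider.ApiVersionDescriptions)
        {
            c.SwaggerEndpoint($"/swagger/{description.GroupName}/swagger.json", description.GroupName.ToUpperInvariant());
        }

        c.OAuthClientId(oktaConfig.ClientId);
        c.OAuthAppName(oktaConfig.ClientName);

        // No OAuthClientSecret: these values are emitted into the Swagger UI page that every
        // visitor's browser downloads, so a client secret placed here is disclosed to them.
        // The implicit flow configured for this API does not use a client secret.

        // The separator is the string placed BETWEEN the requested scopes, not the scope list
        // itself. The scopes requested are those declared on the "oauth2" security definition;
        // scopes such as openid/profile/email must be declared there to be requested.
        c.OAuthScopeSeparator(" ");
    });
}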
Okta setup
Error
Errors Hide
Auth error
{"state":"VGh1IE9jdCAwMyAyMDE5IDE3OjM1OjA2IEdNVCsxMDAwIChBVVMgRWFzdGVybiBTdGFuZGFyZCBUaW1lKQ==","error":"invalid_scope","error_description":"Custom+scopes+are+not+allowed+for+this+request."}
来源:https://stackoverflow.com/questions/58214596/auth-error-invalid-scope-error-descriptioncustomscopesarenotallowedfor