Swagger UI ignoring x-tokenName extension

有些话、适合烂在心里 submitted on 2020-01-25 06:13:08

Question


I'm using Swashbuckle v5.0.0 in a .net-core 2.1 application to generate my api-documentation.

I've added this security definition:

// Namespaces this snippet relies on (omitted in the original):
//   using Microsoft.OpenApi.Any;                  // OpenApiString
//   using Microsoft.OpenApi.Interfaces;           // IOpenApiExtension
//   using Microsoft.OpenApi.Models;               // OpenApiSecurityScheme, OpenApiOAuthFlows, SecuritySchemeType
//   using IdentityServer4.AccessTokenValidation;  // IdentityServerAuthenticationDefaults
// "cfg" is the SwaggerGenOptions passed to services.AddSwaggerGen(cfg => { ... }).

cfg.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
   Name = "oauth2",
   Type = SecuritySchemeType.OAuth2,
   Scheme = IdentityServerAuthenticationDefaults.AuthenticationScheme,
   Extensions = new Dictionary<string, IOpenApiExtension>
   {
      // Emitted into the generated document as the vendor extension "x-tokenName"
      { "x-tokenName", new OpenApiString("token id_token") }
   },
   Flows = new OpenApiOAuthFlows()
   {
      Implicit = new OpenApiOAuthFlow()
      {
         Scopes = swaggerSettings.Scopes,
         AuthorizationUrl = new Uri(authorizationUrl),
         TokenUrl = new Uri(swaggerSettings.IdentityProviderUrl + "/connect/token"),
      }
   },
});

This is the api-specification that is getting generated from it (just the important part):

It almost works perfectly, as I can even open the following dialog in the swagger ui and also do a full authorization:

But the problem is, even though the x-tokenName value is set to "token id_token" (which is required to receive an access token also containing identity scopes, such as profile and openid), the request sent by the swagger-ui, recorded by Fiddler, is this (cut to the important part):

GET /usermgmt/identityprovider/connect/authorize?response_type=token&[...]

On the web I can find threads saying that what I'm trying to achieve was supported for a while, then it wasn't, and I don't know if it is now - it seems it isn't, but I think this feature is important, so it should be there.

I need this because I want to request user-groups from the profile-endpoint using access tokens created on the request of the swagger-ui.

Please help :)


Answer 1:


You are misunderstanding the purpose of x-tokenName in Swagger UI. This extension specifies the field of the OAuth 2.0 token endpoint response to be extracted and subsequently used in the Authorization: Bearer <token> header.

By default, the bearer token is extracted from access_token:

{
  "access_token": "abcde12345",
  "token_type": "Bearer",
  "expires_in": 3599,
  "id_token": "...."
}

=>

Authorization: Bearer abcde12345

If the security scheme definition specifies, for example, x-tokenName: id_token, then the value of id_token will be used as the bearer token instead:

{
  "access_token": "....",
  "token_type": "Bearer",
  "expires_in": 3599,
  "id_token": "xyz987"
}

=>

Authorization: Bearer xyz987

More info about x-tokenName: here and here.


I want to achieve that the authorization link swagger ui generates and sends the user to the identity-provider contains "response_type=token id_token&[...]"

id_token is used in Open ID Connect (OIDC) flows, which is an extension of OAuth 2.0. Swagger UI currently does not support OIDC.

When OIDC is supported in Swagger UI, you'll also need to change your security scheme definition from type: oauth2 to type: openIdConnect:

{
  ...
  "components": {
    "securitySchemes": {
      "openId": {
        "type": "openIdConnect",
        "openIdConnectUrl": "https://path/to/.well-known/openid-configuration"
      }
    }
  }
}
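The two steps the answer keeps apart, modelled as an added example (this is an illustration of the described behaviour, not Swagger UI's own code; the scheme object, identity-provider URL, client id and token responses are constructed):

```javascript
// Added example, not Swagger UI's code. During "Authorize" two separate
// things happen:
//  1. the browser is sent to the authorize endpoint; response_type is fixed
//     by the flow type (implicit OAuth 2.0 => "token"), and
//  2. after the redirect, the bearer token is picked from the token response
//     by the field named in x-tokenName, defaulting to "access_token".
// x-tokenName only influences step 2, which is why the recorded request in
// the question still carries response_type=token.

// Constructed security scheme mirroring the question's definition.
const scheme = {
  type: "oauth2",
  "x-tokenName": "id_token",
  flows: {
    implicit: {
      authorizationUrl: "https://idp.example/connect/authorize", // constructed
      scopes: { openid: "", profile: "", api: "" },
    },
  },
};

// Step 1: build the authorize URL. The x-tokenName extension is never read here.
function buildAuthorizeUrl(scheme, clientId, redirectUri) {
  const flow = scheme.flows.implicit;
  const params = new URLSearchParams({
    response_type: "token", // implicit flow: an access token only
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: Object.keys(flow.scopes).join(" "),
  });
  return `${flow.authorizationUrl}?${params.toString()}`;
}

// Step 2: pick the bearer token from the token response, failing loudly when
// the configured field is absent so an empty "Bearer " header is never sent.
function extractBearerToken(scheme, tokenResponse) {
  const field = scheme["x-tokenName"] || "access_token";
  const value = tokenResponse[field];
  if (typeof value !== "string" || value.length === 0) {
    throw new Error(`token response has no usable "${field}" field`);
  }
  return `Bearer ${value}`;
}

module.exports = { scheme, buildAuthorizeUrl, extractBearerToken };
```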


Source: https://stackoverflow.com/questions/59783899/swagger-ui-ignoring-x-tokenname-extension
