
Implicit bearer flow for Swagger in ASP.NET Core 3.1

Stack Overflow user
Asked 2020-03-25 16:36:03
Answers: 1, Views: 727, Followers: 0, Votes: 0

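Is there a way to automatically put a bearer token into every request in Swagger? I don't want to use the OAuth implicit flow, where I would have to interact with identity.

I'd like to provide an endpoint in my API that can get an access token and automatically put it into every request.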


1 Answer

Stack Overflow user

Posted 2020-03-30 08:59:58

In your Startup class:

// prevent from mapping "sub" claim to nameidentifier.
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Remove("sub");

var identityUrl = configuration.GetValue<string>("IdentityUrl");

services.AddAuthentication(options =>
{
    options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
    options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
})
.AddJwtBearer(options =>
{
    options.Authority = identityUrl;
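    // false lets the identity server's metadata be fetched over plain HTTP; suitable for local development only.
    options.RequireHttpsMetadata = false;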
    options.Audience = "demo_api";
});

SwaggerGen

services.AddSwaggerGen(options =>
{
    ...
    options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.OAuth2,
        Flows = new OpenApiOAuthFlows
        {
            Implicit = new OpenApiOAuthFlow
            {
                AuthorizationUrl = new Uri($"{configuration.GetValue<string>("IdentityUrl")}/connect/authorize"),
                TokenUrl = new Uri($"{configuration.GetValue<string>("IdentityUrl")}/connect/token"),
                Scopes = new Dictionary<string, string>()
                {
                    { "api1", "Demo API - full access" }
                }
            }
        }
    });

Operation filter

options.OperationFilter<AuthorizeCheckOperationFilter>();

Implementation

using System.Collections.Generic;
using System.Linq;
using System.Net;
using Microsoft.AspNetCore.Authorization;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.SwaggerGen;

public class AuthorizeCheckOperationFilter : IOperationFilter
{
    public void Apply(OpenApiOperation operation, OperationFilterContext context)
    {
        // Only decorate operations whose controller or action carries [Authorize].
        var hasAuthorize = context.MethodInfo.DeclaringType.GetCustomAttributes(true).OfType<AuthorizeAttribute>().Any() ||
                           context.MethodInfo.GetCustomAttributes(true).OfType<AuthorizeAttribute>().Any();

        if (!hasAuthorize) return;

        // Response keys are the numeric status codes ("401" and "403").
        var unauthorizedHashCode = ((int)HttpStatusCode.Unauthorized).ToString();
        var unauthorizedDescription = HttpStatusCode.Unauthorized.ToString();

        var forbiddenHashCode = ((int)HttpStatusCode.Forbidden).ToString();
        var forbiddenDescription = HttpStatusCode.Forbidden.ToString();

        operation.Responses.TryAdd(unauthorizedHashCode, new OpenApiResponse { Description = unauthorizedDescription });
        operation.Responses.TryAdd(forbiddenHashCode, new OpenApiResponse { Description = forbiddenDescription });

        var oAuthScheme = new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" }
        };

        operation.Security = new List<OpenApiSecurityRequirement>
        {
            new OpenApiSecurityRequirement
            {
                [ oAuthScheme ] = new [] { "api1" }
            }
        };

    }
}

Use this

// Keep both UseAuthentication and UseAuthorization IN THIS ORDER
app.UseAuthentication();
app.UseAuthorization();

Use Swagger

app.UseSwagger(c =>
{
    c.RouteTemplate = "swagger/{documentName}/swagger.json";
});
app.UseSwaggerUI(s =>
{
    s.SwaggerEndpoint("/swagger/v1/swagger.json", "Your awesome project name");

    s.OAuthAppName("My API - Swagger");
    s.OAuthClientId("client");

    // Should match the client RedirectUrl in the IdentityServer
    s.OAuth2RedirectUrl("https://localhost:5001/swagger/oauth2-redirect.html");
});

Your controller

[Authorize]
[ApiController]
[Route("api/[controller]")] // TODO: Take care of the versioning
public class IndentityController : ControllerBase
{
    ...

Now in the IdentityServer project. ApiResources:

public static IEnumerable<ApiResource> GetApiResources()
{
    return new List<ApiResource>
    {
        new ApiResource("api1", "My API")
    };
}

Finally, your client should look like this:

new Client
{
    ClientId = "client",
    AllowedGrantTypes = GrantTypes.Implicit,
    RedirectUris = { "https://localhost:5001/swagger/oauth2-redirect.html" },
    AllowedScopes = { "api1" },
    AllowAccessTokensViaBrowser = true,
    RequireConsent = false
}

For the complete source code, take a look at the eShopOnContainers repo.

Good luck :)

Votes: 1
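
The same Swagger UI sign-in wired for the authorization code flow with PKCE instead of the implicit flow, so the access token is not delivered in the redirect URL. This is an added example, not code from the answer or from eShopOnContainers: the class and method names are hypothetical, `client`, `api1` and the redirect URL are the answer's values, and it assumes a Swashbuckle.AspNetCore version that provides `OAuthUsePkce()` and that Swagger UI is served from `https://localhost:5001`.

```csharp
using System;
using System.Collections.Generic;
using IdentityServer4.Models;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models;
// Added example: hypothetical names; SwaggerClient() belongs in the IdentityServer project.
public static class SwaggerCodeFlowSetup
{
    // API project: advertise the authorization code flow where the answer uses Implicit.
    public static void AddSwaggerCodeFlow(this IServiceCollection services, string identityUrl)
    {
        var codeFlow = new OpenApiOAuthFlow
        {
            AuthorizationUrl = new Uri($"{identityUrl}/connect/authorize"),
            TokenUrl = new Uri($"{identityUrl}/connect/token"),
            Scopes = new Dictionary<string, string> { { "api1", "Demo API - full access" } }
        };
        services.AddSwaggerGen(options =>
        {
            options.SwaggerDoc("v1", new OpenApiInfo { Title = "Demo API", Version = "v1" });
            options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
            {
                Type = SecuritySchemeType.OAuth2,
                Flows = new OpenApiOAuthFlows { AuthorizationCode = codeFlow }
            });
        });
    }

    // API project: Swagger UI sends a PKCE code_challenge and redeems the code at TokenUrl.
    public static void UseSwaggerUiWithPkce(this IApplicationBuilder app) =>
        app.UseSwagger().UseSwaggerUI(s =>
        {
            s.SwaggerEndpoint("/swagger/v1/swagger.json", "Demo API v1");
            s.OAuthClientId("client");
            s.OAuthUsePkce();
        });

    // IdentityServer project: AllowAccessTokensViaBrowser stays at its default (false).
    public static Client SwaggerClient() => new Client
    {
        ClientId = "client",
        AllowedGrantTypes = GrantTypes.Code,
        RequirePkce = true, RequireClientSecret = false, // public client: PKCE, no secret
        RedirectUris = { "https://localhost:5001/swagger/oauth2-redirect.html" },
        AllowedCorsOrigins = { "https://localhost:5001" }, // UI calls the token endpoint cross-origin
        AllowedScopes = { "api1" }
    };
}
```

The answer's `AuthorizeCheckOperationFilter` can be registered unchanged alongside this, since the scheme id is still `oauth2`.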
Original page content provided by Stack Overflow; translation support provided by Tencent Cloud Xiaowei's IT-domain engine.
Original link: https://stackoverflow.com/questions/60845270
