在 ASP.NET WebAPI 集成 Swagger 後,因爲接口使用了 IdentityServer 做的認證,調試起來很不方便;看了下 Swashbuckle 的文檔,是支持 OAuth2.0 配置的。本文使用的是簡化模式(Implicit grant type)。需要注意:OAuth 2.0 Security BCP 已不建議新系統使用簡化模式(access_token 直接經由 URL fragment 交給瀏覽器,且不會簽發 refresh token),若所用的 Swagger UI 版本支持授權碼 + PKCE,應優先選擇後者;下面的配置僅適合本地調試。交互流程如下:
客戶端向授權端點發起的請求參數(RFC 6749 §4.2.1 的示例):
GET /authorize?response_type=token&client_id=s6BhdRkqt3&state=xyz
    &redirect_uri=https%3A%2F%2Fclient%2Eexample%2Ecom%2Fcb HTTP/1.1
Host: server.example.com
認證服務器通過重定向把令牌交回客戶端,回應中包含以下參數(access_token 位於 URL 的 fragment 中,不會隨請求發送到服務器,但會留在瀏覽器歷史並可被頁面腳本讀取;客戶端必須校驗返回的 state 與發起請求時一致,以防 CSRF):
HTTP/1.1 302 Found
Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
          &state=xyz&token_type=example&expires_in=3600
在 IdentityServer(Idsrv)中配置客戶端(Client):
new Client
{
    ClientName = "Test_API_Flow",
    ClientId = "api_test_api_flow",
    // Implicit grant: the access token is returned in the redirect URL fragment straight to the
    // browser and there is no client secret. OAuth 2.0 Security BCP discourages it for new work;
    // prefer authorization code + PKCE where the Swagger UI version in use supports it.
    Flow = Flows.Implicit,
    ClientUri = "https://identityserver.io",
    RequireConsent = true,
    AllowRememberConsent = true,
    // Must match the redirect_uri Swagger UI sends (IdentityServer's default validator compares
    // the whole string). Plain http on localhost is acceptable for local debugging only; a
    // deployed Swagger UI needs its https redirect URI registered here instead.
    RedirectUris = new List<string>
    {
        "http://localhost:39106/swagger/ui/o2c-html",
    },
    // Origin of the Swagger UI page; the browser calls IdentityServer cross-origin from it.
    AllowedCorsOrigins = new List<string> { "http://localhost:39106" },
    // Seconds. The implicit grant issues no refresh token (RFC 6749 §4.2), so keep this short.
    AccessTokenLifetime = 3600,
    AccessTokenType = AccessTokenType.Jwt,
    // NOTE(review): grants this client every scope defined on the server. Fine for a throwaway
    // debug client; for anything else list the allowed scopes explicitly.
    AllowAccessToAllScopes = true
},
API 服務器端:配置 Bearer Token 認證中間件:
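// Bearer-token authentication for the API: incoming access tokens are validated against the
// IdentityServer instance at Authority, and [Authorize] on the controllers then rejects callers
// that did not authenticate. (The original line had a stray closing brace and did not compile.)
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
    Authority = IdsvSetting.Authority,
    // ValidationEndpoint: the API asks IdentityServer's validation endpoint about each token
    // rather than checking the JWT signature locally. Since the client is configured to issue
    // JWTs (AccessTokenType.Jwt), ValidationMode.Local would avoid the per-request round trip;
    // keep the endpoint mode only if you need revocation to take effect immediately.
    ValidationMode = ValidationMode.ValidationEndpoint,
    // A token has to carry one of these scopes to reach the controllers. The middleware applies
    // any-of semantics here as far as the author recalls — confirm for the package version in use.
    RequiredScopes = new List<string> { "all", "user", "order" }
});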
/// <summary>
/// Breakfast endpoints, mounted under <c>api/v1/breakfast</c>.
/// Every action here carries <c>[Authorize]</c>, so an authenticated bearer token is required;
/// scope checks happen in the bearer-token middleware, not in this controller.
/// </summary>
[RoutePrefix("api/v1/breakfast")]
public class BreakfastController : ApiController
{
    private static readonly Logger logger = LogManager.GetCurrentClassLogger();

    /// <summary>Service that performs the actual breakfast lookups.</summary>
    private readonly IBreakfastService _breakfastService;

    /// <summary>
    /// Creates the controller.
    /// </summary>
    /// <param name="breakfastService">Breakfast service (injected).</param>
    public BreakfastController(IBreakfastService breakfastService)
    {
        _breakfastService = breakfastService;
    }

    #region Hotels mapped to a hotel's restaurant

    /// <summary>
    /// Gets the hotel(s) mapped to the restaurant associated with the given hotel.
    /// </summary>
    /// <param name="hotelcd">Hotel code taken verbatim from the URL. It is untrusted input and is
    /// handed straight to the service, so any validation has to happen there.</param>
    /// <returns>The service response, serialised as JSON.</returns>
    [Authorize]
    [HttpGet]
    [Route("{hotelcd}/mapping")]
    public async Task<IHttpActionResult> GetXhotelBreakfastHotelMappingRequest(string hotelcd)
    {
        var mapping = await _breakfastService.GetXhotelBreakfastHotelMappingRequest(hotelcd);
        return Json(mapping);
    }

    #endregion
}
}
配置 SwaggerConfig:
// The authorize request Swagger UI ends up sending, for reference. Note the constant
// `state=oauth2`: a fixed state gives the UI no CSRF binding, which is tolerable only for a
// local debug client.
//https://tsso.xxx.cn/connect/authorize?response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A39106%2Fswagger%2Fui%2Fo2c-html&realm=test-realm&client_id=api_test_api_flow&scope=all%20%20&state=oauth2
c.OAuth2("oauth2")
    .Description("OAuth2 Implicit Grant")
    // implicit => response_type=token; the token comes back in the redirect fragment.
    .Flow("implicit")
    .AuthorizationUrl("https://tsso.xxx.cn/connect/authorize")
    // The implicit flow never calls the token endpoint, so it is left unset.
    //.TokenUrl("https://sso.xxx.cn/connect/token")
    // Scopes offered in the UI's Authorize dialog; they must exist on the IdentityServer side.
    .Scopes(scopes =>
    {
        scopes.Add("all", "all access to protected resources");
        scopes.Add("user", "user access to protected resources");
        scopes.Add("order", "order access to protected resources");
    });
...
// Tags protected operations with the "oauth2" scheme (see AssignOAuth2SecurityRequirements).
// This only shapes the generated document/UI; it enforces nothing on the API.
c.OperationFilter<AssignOAuth2SecurityRequirements>();
// Wires the Swagger UI "Authorize" button to the implicit flow. clientSecret is null on purpose:
// Swagger UI runs in the browser, so anything placed here is public — never put a confidential
// client's secret into this configuration.
c.EnableOAuth2Support(
    clientId: "api_test_api_flow",
    clientSecret: null,
    realm: "test-realm",
    appName: "Swagger UI"
    //additionalQueryStringParams: new Dictionary<string, string>() { { "foo", "bar" } }
);
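/// <summary>
/// Swashbuckle operation filter that tags every protected operation with the "oauth2"
/// security scheme so Swagger UI shows the lock icon and requests the listed scopes.
/// This affects only the generated document: enforcement is done by the bearer-token
/// middleware and <c>[Authorize]</c> on the API, not here.
/// </summary>
public class AssignOAuth2SecurityRequirements : IOperationFilter
{
    /// <summary>Scopes Swagger UI requests for a protected operation.</summary>
    private static readonly string[] OAuth2Scopes = { "all", "user", "order" };

    /// <summary>
    /// Adds the oauth2 requirement to <paramref name="operation"/> unless the action is
    /// reachable anonymously.
    /// </summary>
    /// <param name="operation">Swagger operation being generated.</param>
    /// <param name="schemaRegistry">Unused.</param>
    /// <param name="apiDescription">Web API description of the action behind the operation.</param>
    public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
    {
        var actionDescriptor = apiDescription.ActionDescriptor;

        // [OverrideAuthorization] is an IOverrideFilter and therefore does appear in the filter
        // pipeline; the original code used it as its "anonymous" marker and that is kept.
        var overridesAuthorization = actionDescriptor.GetFilterPipeline()
            .Select(filterInfo => filterInfo.Instance)
            .OfType<OverrideAuthorizationAttribute>()
            .Any();

        // [AllowAnonymous] is a plain attribute in ASP.NET Web API, not a filter, so it never
        // shows up in GetFilterPipeline(). The old check missed it and anonymous actions were
        // documented as requiring a token; read it from the action and controller metadata.
        var allowsAnonymous = actionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
        if (!allowsAnonymous && actionDescriptor.ControllerDescriptor != null)
        {
            allowsAnonymous = actionDescriptor.ControllerDescriptor
                .GetCustomAttributes<AllowAnonymousAttribute>()
                .Any();
        }

        if (overridesAuthorization || allowsAnonymous)
        {
            return;
        }

        // NOTE(review): every remaining operation gets the requirement whether or not it actually
        // carries [Authorize]; an unprotected action still shows a lock in the UI.
        if (operation.security == null)
        {
            operation.security = new List<IDictionary<string, IEnumerable<string>>>();
        }

        operation.security.Add(new Dictionary<string, IEnumerable<string>>
        {
            { "oauth2", new List<string>(OAuth2Scopes) }
        });
    }
}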
OK,配置完成。點擊紅色的圈圈(Authorize 按鈕),登錄成功後會 302 到 http://localhost:39106/swagger/ui/o2c-html(必須與 Client 中註冊的 RedirectUris 完全一致),access_token 隨 fragment 交給 Swagger UI:
當然也可以退出授權:
REFER:
https://www.scottbrady91.com/Identity-Server/ASPNET-Core-Swagger-UI-Authorization-using-IdentityServer4
https://stackoverflow.com/questions/33752900/enable-oauth2-client-credentials-flow-in-swashbuckle
https://stackoverflow.com/questions/29275499/swagger-swashbuckle-oauth2-with-resource-owner-password-credentials-grant?rq=1
http://knowyourtoolset.com/2015/08/secure-web-apis-with-swagger-swashbuckle-and-oauth2-part-2/