我正在尝试将Swashbuckle 5.0.x与OAuth2一起使用。我想使用OAuth2的资源所有者密码凭据授权。我基本上只想先请求令牌并在每个请求中包含此令牌(例如,不需要范围)。
有人能帮忙吗?我如何配置swagger / swashbuckle?
谢谢@Dunken。你的答案几乎解决了我的问题,但为了使它与最新的Swashbuckle版本一起工作,我不得不改变它有点像这样
$('#explore').off();
$('#explore').click(function () {
var key = $('#input_apiKey')[0].value;
var credentials = key.split(':'); //username:password expected
$.ajax({
url: "yourAuthEndpoint",
type: "post",
contenttype: 'x-www-form-urlencoded',
data: "grant_type=password&username=" + credentials[0] + "&password=" + credentials[1],
success: function (response) {
var bearerToken = 'Bearer ' + response.access_token;
window.swaggerUi.api.clientAuthorizations.add('Authorization', new SwaggerClient.ApiKeyAuthorization('Authorization', bearerToken, 'header'));
window.swaggerUi.api.clientAuthorizations.remove("api_key");
alert("Login successfull");
},
error: function (xhr, ajaxoptions, thrownerror) {
alert("Login failed!");
}
});
});
好的,我这样解决了:
为swagger添加JavaScript完成处理程序:
config
.EnableSwagger(c => {
//do stuff
})
.EnableSwaggerUi(c => {
c.InjectJavaScript(typeof(Startup).Assembly, "MyNamespace.SwaggerExtensions.onComplete.js");
});
从API_KEY文本框中获取用户名:密码:
$('#input_apiKey').change(function () {
var key = $('#input_apiKey')[0].value;
var credentials = key.split(':'); //username:password expected
$.ajax({
url: "myURL",
type: "post",
contenttype: 'x-www-form-urlencoded',
data: "grant_type=password&username=" + credentials[0] + "&password=" + credentials[1],
success: function (response) {
var bearerToken = 'Bearer ' + response.access_token;
window.authorizations.add('key', new ApiKeyAuthorization('Authorization', bearerToken, 'header'));
},
error: function (xhr, ajaxoptions, thrownerror) {
alert("Login failed!");
}
});
});
我有一个问题,解决方案.InjectJavaScript()解决了我的问题,不同之处在于我有自定义授权类型,因为swagger-ui-min.js的基本代码具有硬编码密码,用于流密码,解决方案覆盖了他们的代码:
$(function () {
window.SwaggerUi.Views.AuthView = Backbone.View.extend({
events: (...),
tpls: (...),
selectors: {
innerEl: ".auth_inner",
authBtn: ".auth_submit__button"
},
initialize: function (e)(...),
render: function ()(...),
authorizeClick: function (e)(...),
authorize: function ()(...),
logoutClick: function (e)(...),
handleOauth2Login: function (e)(...),
clientCredentialsFlow: function (e, t, n)(...),
passwordFlow: function (e, t, n) {
this.accessTokenRequest(e, t, n, "mygrant", {
username: t.username,
password: t.password
})
},
accessTokenRequest: function (e, t, n, r, i) {
i = $.extend({}, {
scope: e.join(" "),
grant_type: r
}, i);
var a = {};
switch (t.clientAuthenticationType) {
case "basic":
a.Authorization = "Basic " + btoa(t.clientId + ":" + t.clientSecret);
break;
case "request-body":
i.client_id = t.clientId,
i.client_secret = t.clientSecret
}
$.ajax(...)
}
});
});
(...)有我从swagger-ui-min.js复制的原始代码。
类似的答案@ rui-estreito和@ prime-z,但这会在第一次“探索”API时提示输入用户名和密码。
c.InjectJavaScript(thisAssembly, "<project namespace>.CustomContent.apikey.js")
(function () {
$(function () {
console.log("loaded custom auth");
$('#input_apiKey').off();
$('#explore').off();
$('#explore').click(function () {
var credentials_un = prompt("Username");
var credentials_password = prompt("Password");
var client_id = $('#input_apiKey')[0].value;
$.ajax({
url: document.location.origin + "/token",
type: "post",
contenttype: 'x-www-form-urlencoded',
data: "grant_type=password&username=" + credentials_un + "&password=" + credentials_password + "&client_id=" + client_id,
success: function (response) {
var bearerToken = 'Bearer ' + response.access_token;
window.swaggerUi.api.clientAuthorizations.add('Authorization', new SwaggerClient.ApiKeyAuthorization('Authorization', bearerToken, 'header'));
alert("Login successfull");
},
error: function (xhr, ajaxoptions, thrownerror) {
alert("Login failed!");
}
});
});
/*
*/
});
})();
BuildAction更改为“嵌入式资源”