使用授权标头 (Bearer) 设置 Swagger (ASP.NET Core)
我有一个 Web API (ASP.NET Core),我正在尝试调整招摇以从中进行调用。调用必须包含 Authorization 标头,并且我正在使用 Bearer 身份验证。来自 Postman 等第三方应用程序的呼叫运行良好。但是我在为 swagger 设置标题时遇到了问题(由于某种原因,我没有收到标题)。这是它现在的样子:
"host": "localhost:50352",
"basePath": "/" ,
"schemes": [
"http",
"https"
],
"securityDefinitions": {
"Bearer": {
"name": "Authorization",
"in": "header",
"type": "apiKey",
"description": "HTTP/HTTPS Bearer"
}
},
"paths": {
"/v1/{subAccountId}/test1": {
"post": {
"tags": [
"auth"
],
"operationId": "op1",
"consumes": ["application/json", "application/html"],
"produces": ["application/json", "application/html"],
"parameters": [
{
"name": "subAccountId",
"in": "path",
"required": true,
"type": "string"
}
],
"security":[{
"Bearer": []
}],
"responses": {
"204": {
"description": "No Content"
},
"400": {
"description": "BadRequest",
"schema": {
"$ref": "#/definitions/ErrorResponse"
}
},
"401": {
"description": "Unauthorized",
"schema": {
"$ref": "#/definitions/ErrorResponse"
}
},
"500": {
"description": "InternalServerError",
"schema": {
"$ref": "#/definitions/ErrorResponse"
}
}
},
"deprecated": false
}
},
ApiKeyScheme 已被弃用,在第 5 版中您可以像这样使用:
services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new Info { Title = "You api title", Version = "v1" });
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Description = @"JWT Authorization header using the Bearer scheme. \r\n\r\n
Enter 'Bearer' [space] and then your token in the text input below.
\r\n\r\nExample: 'Bearer 12345abcdef'",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey,
Scheme = "Bearer"
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement()
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
},
Scheme = "oauth2",
Name = "Bearer",
In = ParameterLocation.Header,
},
new List<string>()
}
});
var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml";
var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile);
c.IncludeXmlComments(xmlPath);
});
首先,您可以使用 Swashbuckle.AspNetCore nuget 包来自动生成您的招摇定义。 (在 2.3.0 测试)
安装包后,在 Startup.cs 方法 ConfigureServices 中设置它
services.AddSwaggerGen(c => {
c.SwaggerDoc("v1", new Info { Title = "You api title", Version = "v1" });
c.AddSecurityDefinition("Bearer",
new ApiKeyScheme { In = "header",
Description = "Please enter into field the word 'Bearer' following by space and JWT",
Name = "Authorization", Type = "apiKey" });
c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>> {
{ "Bearer", Enumerable.Empty<string>() },
});
});
然后您可以使用页面右上角的授权按钮。
至少你可以尝试使用这个包来生成有效的 swagger 定义
小费!
为避免总是在 Swagger(又名 Swashbuckle)身份验证对话框中写入关键字 Bearer,例如:"bearer xT1...",您可以在 Startup 类的 ConfigureServices(...) 方法上使用以下代码/配置:
using Microsoft.OpenApi.Models;
...
services.AddSwaggerGen(setup =>
{
// Include 'SecurityScheme' to use JWT Authentication
var jwtSecurityScheme = new OpenApiSecurityScheme
{
Scheme = "bearer",
BearerFormat = "JWT",
Name = "JWT Authentication",
In = ParameterLocation.Header,
Type = SecuritySchemeType.Http,
Description = "Put **_ONLY_** your JWT Bearer token on textbox below!",
Reference = new OpenApiReference
{
Id = JwtBearerDefaults.AuthenticationScheme,
Type = ReferenceType.SecurityScheme
}
};
setup.AddSecurityDefinition(jwtSecurityScheme.Reference.Id, jwtSecurityScheme);
setup.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{ jwtSecurityScheme, Array.Empty<string>() }
});
});
我们可以做到这一点,只需将 OpenApiSecurityScheme 类的 Type 属性更改为:
Type = SecuritySchemeType.Http
反而
Type = SecuritySchemeType.ApiKey。
https://i.stack.imgur.com/88nJd.png
https://i.stack.imgur.com/EjHEY.png
套餐:
Swashbuckle.AspNetCore(5.6.3)
Swashbuckle.AspNetCore.SwaggerUI(5.6.3)
我正在使用 .NET Core 3.1,希望对您有所帮助!
使用 ASP.Net Core 3.1,这对我有用:
services.AddSwaggerGen(s =>
{
s.SwaggerDoc("v1", new OpenApiInfo
{
Version = "v1",
Title = "Chat API",
Description = "Chat API Swagger Surface",
Contact = new OpenApiContact
{
Name = "João Victor Ignacio",
Email = "ignaciojvig@gmail.com",
Url = new Uri("https://www.linkedin.com/in/ignaciojv/")
},
License = new OpenApiLicense
{
Name = "MIT",
Url = new Uri("https://github.com/ignaciojvig/ChatAPI/blob/master/LICENSE")
}
});
s.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Description = "JWT Authorization header using the Bearer scheme (Example: 'Bearer 12345abcdef')",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey,
Scheme = "Bearer"
});
s.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
}
},
Array.Empty<string>()
}
});
});
无需单独生成令牌并在 swagger 中键入。 Swagger 也支持生成部分。下面使用 asp.net core 3.1 和 keycloack auth 为我工作。
swagger.AddSecurityDefinition(JwtBearerDefaults.AuthenticationScheme, new OpenApiSecurityScheme
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows
{
Implicit = new OpenApiOAuthFlow
{
AuthorizationUrl = new Uri("https://youauthsrv.com/auth/realms/your-realm/protocol/openid-connect/auth"),
}
},
In = ParameterLocation.Header,
Scheme = JwtBearerDefaults.AuthenticationScheme,
});
swagger.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = JwtBearerDefaults.AuthenticationScheme
}
},
new string[] {}
}
});
在配置中
app.UseSwaggerUI(c =>
{
c.OAuthClientId("clientname");
c.OAuthRealm("your-realm");
});
而不是 \r\n 才能正确显示消息。 ii) 而不是 new Info { ... 我需要 new OpenApiInfo {Title ... 。 [使用 swashbuckle.aspnetcore 5.0.0 和 Microsoft.OpenApi 1.1.4 [.net core 3.1]]
而不是 "\r\n"