PanacheSoftwareDev
commented
4 years ago At the moment the Swagger UI code for documenting WebAPI calls uses JWT Bearer authorization. It will be cleaner to move this to use OAuth against the Identity service to provide a login instead of needing the user to manually enter a token.
Although HTTPS can be used locally whilst debugging the platform, full https support is not yet included within the published docker images due to the requirements for certificates to be setup.
In addition to missing HTTPS in docker images, the identity service currently stores authorisation tokens within an in memory store. This needs to be adjusted to include IdentityServer stores within the database alongside the other authorisation data.