domaindrivendev / Swashbuckle.AspNetCore

Swagger tools for documenting API's built on ASP.NET Core
MIT License

Authorization header not in curl request after authentication #624

Closed cwardcode closed 6 years ago

cwardcode commented 6 years ago

I am attempting to upgrade to the latest version of Swashbuckle (2.1.0), and was previously using version 1.2.0.

My Configure method looks like:

app.UseSwagger();
app.UseSwaggerUI(c =>
{
    c.IndexStream = () => GetType().GetTypeInfo().Assembly.GetManifestResourceStream("API.Swagger.index.html");
    c.SwaggerEndpoint("/swagger/v0.0.1/swagger.json", "API Description");
    c.OAuthClientId("API.SwaggerDocs");
    c.OAuthRealm("API.SwaggerDocs");
    c.OAuthAppName("API.SwaggerDocs");
    c.OAuthAdditionalQueryStringParams(new {
        nonce = PasswordGenerator.GenerateComplex(32, new[] {Sets.Alphanumerics, Sets.Symbols}),
    });
    c.OAuthScopeSeparator(" ");
});

and my ConfigureServices method looks like:

services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v0.0.1", new Info
    {
        Title = "API Documentation",
        Version = "v0.0.1",
        Description = "An API",
        Contact = new Contact { Name = "John Doe", Email = "jdoe@test.local" }
    });

    var basePath = PlatformServices.Default.Application.ApplicationBasePath;
    var xmlPath = Path.Combine(basePath,
        typeof(Program).GetTypeInfo().Assembly.GetName().Name + ".xml");
    c.IncludeXmlComments(xmlPath);
});

services.ConfigureSwaggerGen(swaggerGen =>
{
    swaggerGen.AddSecurityDefinition("API.SwaggerDocs", new OAuth2Scheme
    {
        AuthorizationUrl = identityBaseUri + "/connect/authorize",
        Flow = "implicit",
        TokenUrl = identityBaseUri + "/connect/token",
        Scopes = new Dictionary<string, string>
        {
            {"openid", "OpenId"}
        },
    });
});

I am using a custom index.html that only has this addition: <script src="/js/swagger-ui-oidc.js"></script>. The contents of this file are:

window.swaggerUiAuth = window.swaggerUiAuth || {};
window.swaggerUiAuth.tokenName = 'access_token';
if (!window.isOpenReplaced) {
    window.open = function (open) {
        return function (url) {
            url = url.replace('response_type=token', 'response_type=id_token+token');
            return open.call(window, url);
        };
    }(window.open);
    window.isOpenReplaced = true;
}

This file allows us to retrieve an id token as well as an access token, to allow us to authenticate with an IdentityServer4 instance.

With this code in place, I can authenticate successfully: [image]

However, when attempting to execute a request, the curl preview box does not contain the Authorization header. [image]

The full request/response header information from Chrome DevTools: [image]

Using Swashbuckle version 1.2.0, the Authorization header was being sent with the request successfully, but now it isn't. Any advice would be greatly appreciated!
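A variant of the `window.open` wrapper from the post above, added here as an example (it is not the poster's or the Swashbuckle project's code). It rewrites only requests to the `/connect/authorize` path shown in the post and sets a fresh `nonce` on each one, because a value passed to `OAuthAdditionalQueryStringParams` inside `Configure` is generated once at application startup and then reused for every authorization request; the function names and the hostname in the comments are assumptions.

```javascript
// Added example, not from the issue or from Swashbuckle.
// Assumption: authorization requests go to an absolute URL whose path ends in
// /connect/authorize, as in the AuthorizationUrl shown in the post.
const AUTHORIZE_PATH = '/connect/authorize';

// 128 bits from the platform CSPRNG, hex-encoded so it is URL-safe.
function freshNonce(byteLength = 16) {
    const buf = new Uint8Array(byteLength);
    globalThis.crypto.getRandomValues(buf);
    return Array.from(buf, b => b.toString(16).padStart(2, '0')).join('');
}

// Returns the URL to open. Only authorization requests are modified; every
// other popup URL is passed through byte-for-byte.
function rewriteAuthorizeUrl(rawUrl, makeNonce = freshNonce) {
    let url;
    try {
        url = new URL(rawUrl);
    } catch (e) {
        return rawUrl; // relative or malformed: not treated as an authorize request
    }
    if (!url.pathname.endsWith(AUTHORIZE_PATH)) return rawUrl;

    // Match the parameter itself rather than a substring of the whole URL, so
    // "response_type=token" inside another value (state, redirect_uri) is safe.
    if (url.searchParams.get('response_type') === 'token') {
        url.searchParams.set('response_type', 'id_token token'); // serialized as id_token+token
    }
    // Overwrite any nonce baked in at startup with a per-request value.
    url.searchParams.set('nonce', makeNonce());
    return url.toString();
}

// Browser-only hook, same guard flag as the script in the post.
if (typeof window !== 'undefined' && !window.isOpenReplaced) {
    const nativeOpen = window.open;
    window.open = function (url, ...rest) {
        const target = typeof url === 'string' ? rewriteAuthorizeUrl(url) : url;
        return nativeOpen.call(window, target, ...rest);
    };
    window.isOpenReplaced = true;
}
```

The nonce only adds replay protection if whatever consumes the returned `id_token` compares its `nonce` claim with the value sent, so the generated value has to be kept (for example in `sessionStorage`) until the response arrives.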

domaindrivendev commented 6 years ago

Dup of #603