dotnet / aspnetcore

ASP.NET Core is a cross-platform .NET framework for building modern cloud-based web applications on Windows, Mac, or Linux.
https://asp.net
MIT License
35.42k stars 10.01k forks source link

[Spec] WebApi Project Template Add the ability to generate boiler plate code for authorization and Bearer Token #34560

Open davidbuckleyni opened 3 years ago

davidbuckleyni commented 3 years ago

Most apis cannot do without this day and age but to add a Bearer token and swagger documentation to the structure of their web api.

I think an option to be added to the new project screen for webapi. It seems very mundan code having to recreate it each time in a web api project and would create more continuity for the api to be standard.

*bFile New WIndowb Project Type: Web Api

Checkbox for Swagger Docs Checkbox for Bearer Tokens

Upon chosen this option the system should be smart enough to add the code to our header calls for httpclient

It should add the following code as default to the configure section.

  services.AddSwaggerGen(c => {
            c.SwaggerDoc("v1", new OpenApiInfo { Title = "Cella Crm", Version = "v1" });
            //   c.ResolveConflictingActions(apiDescriptions => apiDescriptions.First());
            //Expose XML comments in doc.
            c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
            {
                Description =
                    "JWT Authorization header using the Bearer scheme. \r\n\r\n Enter 'Bearer' [space] and then your token in the text input below.\r\n\r\nExample: \"Bearer 12345abcdef\"",
                Name = "Authorization",
                In = ParameterLocation.Header,
                Type = SecuritySchemeType.ApiKey,
                Scheme = "Bearer"
            });
            c.AddSecurityRequirement(new OpenApiSecurityRequirement
            {
                {
                    new OpenApiSecurityScheme
                    {
                        Reference = new OpenApiReference
                        {
                            Type = ReferenceType.SecurityScheme,
                            Id = "Bearer"
                        },
                        Scheme = "oauth2",
                        Name = "Bearer",
                        In = ParameterLocation.Header
                    },
                    new List<string>()
                }
            });
        });

        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
       .AddJwtBearer(options => {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuerSigningKey = true,
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.ASCII.GetBytes(Configuration.GetSection(Constants.ApiSecretValue).Value)),
            ValidateIssuer = false,
            ValidateAudience = false
        };
    });

Also as I am implementing swagger we should configure it as well in the configure section.

       if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            app.UseSwagger();
        }

I understand that Microsoft are re doing web apis at present maybe this could all be replaced with a simple call.

webpi->setupbarrerToken()

ghost commented 3 years ago

We've moved this issue to the Backlog milestone. This means that it is not going to be worked on for the coming release. We will reassess the backlog following the current release and consider this item at that time. To learn more about our issue management process and to have better expectation regarding different types of issues you can read our Triage Process.

davidbuckleyni commented 1 year ago

thus seems to be covered by what @davidfowl did for blazor