5wdgJibXS7DEE
commented
4 years ago Indeed Swagger UI do not respond well to the way the swagger.json file was generated with the use of AddAuthorizationHeaderParameterOperationFilter and/or AuthTokenOperation as you guessed correctly.
In order to make sure of that, I tested Swagger UI with a swagger.json I created manually. The UI works fine:
- with Basic auth
- with Token auth with a security scheme as OAuth2. The other possible security scheme would be HTTP. But in this case the Swagger UI is less friendly. It prompts for the token despite the user has no way to get it.
They are changes in the UI/UX:
- there is no more the Authentication tag with endpoints for authentication/logout
- a button Authorize opens a modal where user can enter its id/secret; this will set the right Authorization header for all subsequent requests. The user will not need anymore to pass around the token.
My point of view is that this change is for the best. It simplifies the use of the API for testing. Here is a screenshot:
After a quick read of Swashbuckle docs I think I can generate a similar swagger.json using AddSecurityRequirement in configuration.
@ttu Is it fine for you if I go this way?
ttu
On branch
update-to-core-30the endpoints under Authentification tag in Swagger UI are unusable with various symptoms on the following browsers :Those endpoints work fine with cURL commands. The problem comes from Swagger UI.
Note: on branch
masterwith .NET Core 2.2, despite the web browser receives the auth token, the Swagger UI does not display the response. Is it important to fix that, or should we focus our effort on .NET Core 3?