How to use OAuth with Swagger and NSwagStudio

Time: 2018-08-29 19:41:42

Tags: swagger nswag

I am trying to generate a C# client for an API whose swagger.json file is available at this link:

https://api.ekm.net/swagger/v1/swagger.json

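Using the NSwagStudio application, I am able to import the configuration file and generate a file called Client.cs, which implements a class called Client and has methods that match the API.

However, when I call any of the methods I get an "Unauthorized" exception, and I can't find any way to provide the OAuth key and secret to the client, or anyone doing something similar with other authentication methods.

Checking the swagger configuration file does show that OAuth is indicated as the authentication method, as follows: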

"securityDefinitions": {
    "OAuth": {
        "flow": "accessCode",
        "authorizationUrl": "https://api.ekm.net/connect/authorize",
        "tokenUrl": "https://api.ekm.net/connect/token",
        "scopes": {
            "tempest.customers.read": "Read a shop's customers.",
            "tempest.customers.write": "Modify a shop's customers.",
            "tempest.orders.read": "Read a shops orders.",
            "tempest.orders.write": "Modify a shop's orders.",
            "tempest.products.read": "Read a shop's products.",
            "tempest.products.write": "Modify a shop's products.",
            "tempest.categories.read": "Read a shop's categories.",
            "tempest.categories.write": "Modify a shop's categories.",
            "tempest.settings.orderstatuses.read": "Read a shop's order statuses.",
            "tempest.settings.domains.read": "Read a shop's domains."
        },
        "type": "oauth2",
        "description": "In order to ensure the safety of our users data, we require all partner applications to register via the [Partner Dashboard](https://partners.ekm.net/). Once registered, partners are provided with an application key, which can be used during an OAuth2 handshake to create a token. This token can then used to make requests on behalf of a merchant."
    }
},

My test code is as follows:

static void Main(string[] args)
{
    var swagClient = new Client();

    var ords = swagClient.ApiV1OrdersGetAsync(1, 100).Result;  // This call throws SwaggerException: Unauthorized
}

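The Client class doesn't have any obvious methods or properties to set the security values, nor any constructor parameters.

Does anyone have an example of how to achieve this?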

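1 answer:

Answer 0: (score: 2)

I agree. It's strange that it doesn't just accept some kind of "insert JWT here".

Anyway, this is how I solved it:

Inject HttpClient

In NSwagStudio, tick the box named "Inject HttpClient via constructor"

CustomMessageHandler

Introduce a custom HttpMessageHandler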

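using System;
using System.Net.Http;
using System.Threading;
using System.Threading.Tasks;

// Runs the supplied delegate on every outgoing request before it is sent.
internal class AuthTokenHttpMessageHandler: HttpClientHandler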
{
    private readonly Action<HttpRequestMessage, CancellationToken> _processRequest;

    public AuthTokenHttpMessageHandler(Action<HttpRequestMessage, CancellationToken> processRequest)
    {
        _processRequest = processRequest;
    }

    protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
    {
        _processRequest(request, cancellationToken);
        return base.SendAsync(request, cancellationToken);
    }
}

This handler accepts a delegate in which you can supply the JWT.

Integrate with your client

using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;

public class MyService : IDisposable
{
    private readonly AuthTokenHttpMessageHandler _messageHandler;
    private readonly HttpClient _httpClient;
    private readonly MyNSwagClient _client;

    public MyService()
    {
        _messageHandler = new AuthTokenHttpMessageHandler((req, _) =>
        {
            req.Headers.Authorization = new AuthenticationHeaderValue("bearer", "your token goes here");
        });
        _httpClient = new HttpClient(_messageHandler);

        _client = new MyNSwagClient(_httpClient);
    }

    public async Task<SomeModel> GetStuffAsync(string parameter1)
    {
        return await _client.StuffGetAsync(parameter1);
    }

    public void Dispose()
    {
        _httpClient?.Dispose();
        _messageHandler?.Dispose();
    }
}

Hope this helps
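
An added example, not part of the original answer or of NSwag: a variant of the handler above that gets the token from a caller-supplied callback, caches it until shortly before expiry, and attaches it only to HTTPS requests for the expected API host, so the token is not sent anywhere else. The class name ScopedBearerTokenHandler and the acquireToken callback are hypothetical; how the callback obtains a token from the tokenUrl is left to the caller.

```csharp
using System;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

public sealed class ScopedBearerTokenHandler : DelegatingHandler
{
    private readonly string _apiHost;
    // Hypothetical callback: returns an access token and the time it expires.
    private readonly Func<CancellationToken, Task<(string, DateTimeOffset)>> _acquireToken;
    private readonly SemaphoreSlim _gate = new SemaphoreSlim(1, 1);
    private string _token;
    private DateTimeOffset _expiresAt;

    public ScopedBearerTokenHandler(string apiHost,
        Func<CancellationToken, Task<(string, DateTimeOffset)>> acquireToken)
        : base(new HttpClientHandler())
    {
        _apiHost = apiHost ?? throw new ArgumentNullException(nameof(apiHost));
        _acquireToken = acquireToken ?? throw new ArgumentNullException(nameof(acquireToken));
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken ct)
    {
        var uri = request.RequestUri;
        // Attach the token only to HTTPS requests bound for the expected API host.
        if (uri != null && uri.Scheme == Uri.UriSchemeHttps &&
            string.Equals(uri.Host, _apiHost, StringComparison.OrdinalIgnoreCase))
        {
            var token = await GetTokenAsync(ct).ConfigureAwait(false);
            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        }
        return await base.SendAsync(request, ct).ConfigureAwait(false);
    }

    private async Task<string> GetTokenAsync(CancellationToken ct)
    {
        await _gate.WaitAsync(ct).ConfigureAwait(false); // one refresh at a time
        try
        {
            // Refresh one minute early so an in-flight call does not carry an expired token.
            if (_token == null || DateTimeOffset.UtcNow.AddMinutes(1) >= _expiresAt)
                (_token, _expiresAt) = await _acquireToken(ct).ConfigureAwait(false);
            return _token;
        }
        finally { _gate.Release(); }
    }
}
```

With "Inject HttpClient via constructor" ticked, pass an HttpClient built on this handler (apiHost set to api.ekm.net for the API in the question) to the generated client's constructor.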