在Swashbuckle oauth 2密码流中,用户名和密码未在标头中传递

时间:2018-09-05 10:31:56

标签: oauth-2.0 authorization swagger swashbuckle

我在我的项目中使用swashbuckle.core。 下面是SwaggerConfig.cs:

    using System.Web.Http;
    using Swashbuckle.Application;
    using WebActivator;
    using System.Collections.Generic;
    using System;
    using Swashbuckle.Swagger;
    using System.Web.Http.Description;
    using System.Linq;
    using System.Web.Http.Filters;

public class SwaggerConfig
    {

        public static void Register()
        {
            var thisAssembly = typeof(SwaggerConfig).Assembly;

            GlobalConfiguration.Configuration

                 .EnableSwagger(c =>
                 {
                     c.SingleApiVersion("v1", "Test.Framework.Rest.ApplicationService");
                       c.UseFullTypeNameInSchemaIds();
                     c.PrettyPrint();



                    c.OAuth2("oauth2")
                        .Description("OAuth2 Password Grant")
                         .Flow("password")
                         .TokenUrl("https://BLR2TCM29.test/SecureTokenServiceRestV4.0/api/authorization/requestaccesstoken")
                            .Scopes(scopes =>
                                        {
                              scopes.Add("oauth2", "AUTHORIZATION");

                                 }
                                 );


                     c.OperationFilter<AddRequiredAuthorizationHeaderParameter>();


                 })
                 .EnableSwaggerUi(c =>
                 {
                     c.EnableOAuth2Support(
                     clientId: "Sample_App",
                     clientSecret: "xxxxx",
                     realm: "test-realm",
                     appName: "Swagger UI",
                     additionalQueryStringParams: new Dictionary<string, string>() { { "loginname", "password" } });
                 });


        }


        public class AddRequiredAuthorizationHeaderParameter : IOperationFilter
        {
            public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
            {
                var actFilters = apiDescription.ActionDescriptor.GetFilterPipeline();
                var allowsAnonymous = actFilters.Select(f => f.Instance).OfType<OverrideAuthorizationAttribute>().Any();
                if (allowsAnonymous)
                    return; // must be an anonymous method

                if (operation.security == null)
                    operation.security = new List<IDictionary<string, IEnumerable<string>>>();


                var oAuthRequirements = new Dictionary<string, IEnumerable<string>>
        {
            { "oauth2", new string[]{ "AUTHORIZATION"} }
        };

                operation.security.Add(oAuthRequirements);
            }

        }
        private static string GetXmlCommentsPath()
        {
            return System.AppDomain.CurrentDomain.BaseDirectory + @"\bin\Test.Rest.ApplicationService.Swagger.xml";
        }
    }

API被令牌击中,但标头值(即用户名和密码)不存在。

如果缺少任何配置,请通知我。

任何适用于swashbuckle oauth2密码流的示例都是有用的。

重要提示:因为我正在使用Swashbuckle.Core,所以不提供Swashbuckle.Aspnet的解决方案

1 个答案:

答案 0 :(得分:0)

最后,我能够找到它不起作用的原因。 Swashbuckle将数据传递到正文中,而不是同样形成数据类型的标头中。

screenshot the data

用于在api端接收数据:

 [System.Web.Http.HttpPost()]
    [Route(RELATIVE_PATH + AUTHORIZATION + "/requestauthenticationaccesstoken/")]
    public OAuthResponse AuthenticationAccessToken([FromBody] UserData value)

UserData包含用于用户名,密码,作用域和grant_type的getter设置程序。

此oauth2密码流身份验证成功后。