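Microsoft.OpenAPI examples or documentation?

Time: 2019-07-13 22:36:17

Tags: swashbuckle openapi.net

Just trying out Swashbuckle 5 rc2 + the Microsoft OpenAPI implementation, but struggling to figure out how to inject security requirements using OpenApiSecurityRequirement via an OperationFilter.

I am converting an OperationFilter from Swashbuckle 4 to Swashbuckle 5 rc2, which uses Microsoft's OpenApi. In the Swashbuckle 4 implementation I had an OperationFilter (which allowed me to use both OAuth2 implicit flow scopes and an api_key, where I would explicitly set a bearer JWT token in SwaggerUI):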

// Swashbuckle 4 code
operation.Security = new List<Dictionary<String, IEnumerable<String>>>
{

    new Dictionary<string, IEnumerable<string>>
    {
        { "Bearer", new string[] { } }
    },
    new Dictionary<string, IEnumerable<string>>
    {
        { "oauth2", requiredScopes }
    }
};

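Not quite sure how to describe the same security requirements using OpenAPI, but in the converted OperationFilter implementation I have basically found the endpoints that have the Authorize attribute and read the policy to retrieve the scopes: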

if (requiredScopes.Any())
{
    operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
    operation.Responses.Add("403", new OpenApiResponse { Description = "Forbidden" });

    OpenApiSecurityRequirement bearerSecurityRequirement = new OpenApiSecurityRequirement();
    bearerSecurityRequirement[new OpenApiSecurityScheme()
    {
        Type = SecuritySchemeType.Http,
        Scheme = "Bearer",
        BearerFormat = "JWT",
        In = ParameterLocation.Header,
        Name = "api_key",
    }] = new List<String>();

    OpenApiSecurityRequirement oauth2SecurityRequirement = new OpenApiSecurityRequirement();
    oauth2SecurityRequirement[new OpenApiSecurityScheme()
    {
        Type = SecuritySchemeType.OAuth2,
        Flows = new OpenApiOAuthFlows()
        {
            Implicit = new OpenApiOAuthFlow()
            {
                AuthorizationUrl = new Uri("<authorization url here>"),
                TokenUrl = new Uri("<token url here>"),
                Scopes = requiredScopes.ToDictionary(x => x) // TODO: Fix descriptions
            }
        },
        In = ParameterLocation.Header,
        Name = "oauth2"
    }] = new List<String>(requiredScopes);

    operation.Security = new List<OpenApiSecurityRequirement>
    {
        bearerSecurityRequirement,
        oauth2SecurityRequirement
    };
}

In the JSON output of the generated swagger doc / openapi doc, I just see this for the operation:

"security": [
  {},
  {}
]

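I think my goal is to generate the following JSON per the OpenAPI standard, where api_key and oauth2 are just the names of my security schemes.

"security": [
  {
    "api_key": []
  },
  {
    "oauth2": [
      "<scope1>",
      "<scope2>"
    ]
  }
]

Is there any documentation, or perhaps a more complete example, that actually demonstrates how to declare protected endpoints for the oauth2 and API key approaches?

Thanks

Philip

0 answers:

No answers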
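
An added example, not part of the original post: in Microsoft.OpenApi 1.x (the library Swashbuckle 5 builds on) a security requirement is written out under the key's `Reference.Id`, so a scheme object created inline without a `Reference` serializes as `{}`. The sketch below contrasts the two forms. It assumes schemes named `api_key` and `oauth2` are registered once elsewhere (for example with Swashbuckle's `AddSecurityDefinition`); the `Require` helper and the scope names are hypothetical.

```csharp
// Added example (not from the original post). Assumes the Microsoft.OpenApi 1.x
// package; the helper name and the scope names are constructed for illustration.
using System;
using System.Collections.Generic;
using Microsoft.OpenApi;
using Microsoft.OpenApi.Extensions;
using Microsoft.OpenApi.Models;

public static class SecurityRequirementDemo
{
    // Hypothetical helper: refers to a scheme registered under `schemeId`
    // instead of redefining the scheme inside the requirement.
    public static OpenApiSecurityRequirement Require(string schemeId, params string[] scopes)
    {
        var schemeRef = new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = schemeId }
        };
        return new OpenApiSecurityRequirement { [schemeRef] = new List<string>(scopes) };
    }

    public static void Main()
    {
        var requiredScopes = new[] { "orders.read", "orders.write" }; // constructed scopes

        // Form used in the question: no Reference, so the serializer has no
        // scheme name to write for this key.
        var inlineScheme = new OpenApiSecurityScheme { Type = SecuritySchemeType.OAuth2, Name = "oauth2" };
        var inline = new OpenApiOperation
        {
            Security = new List<OpenApiSecurityRequirement>
            {
                new OpenApiSecurityRequirement { [inlineScheme] = new List<string>(requiredScopes) }
            }
        };

        // Reference form: each requirement is keyed by the registered scheme id.
        var referenced = new OpenApiOperation
        {
            Security = new List<OpenApiSecurityRequirement>
            {
                Require("api_key"),
                Require("oauth2", requiredScopes)
            }
        };

        Console.WriteLine(inline.SerializeAsJson(OpenApiSpecVersion.OpenApi3_0));
        Console.WriteLine(referenced.SerializeAsJson(OpenApiSpecVersion.OpenApi3_0));
    }
}
```

OpenAPI 3.0.3 and later define an empty requirement object `{}` in the `security` array as making authentication optional, so a document generated with unreferenced schemes describes a protected operation as callable anonymously. Diffing the generated JSON for empty `security` entries is a cheap check to add to the build.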