只是尝试使用Swashbuckle 5 rc2 + Microsoft OpenAPI实现,但是努力弄清如何通过OperationFilter使用OpenApiSecurityRequirement注入安全要求
我正在将OperationFilter从Swashbuckle 4转换为Swashbuckle 5 rc2,它使用了Microsoft的OpenApi。在Swashbuckle 4实现中,我有了OperationFilter(这使我可以同时使用oauth2隐式流范围和api_key,在其中我将在SwaggerUI中显式设置承载JTW令牌:
// Swashbuckle 4 code
operation.Security = new List<Dictionary<String, IEnumerable<String>>>
{
new Dictionary<string, IEnumerable<string>>
{
{ "Bearer", new string[] { } }
},
new Dictionary<string, IEnumerable<string>>
{
{ "oauth2", requiredScopes }
}
};
不太确定如何使用OpenAPI来描述相同的安全要求,但是在转换后的OperationFilter实现中,我基本上已经找到了具有Authorize属性的端点,并读取了用于检索范围的策略:
if (requiredScopes.Any())
{
operation.Responses.Add("401", new OpenApiResponse { Description = "Unauthorized" });
operation.Responses.Add("403", new OpenApiResponse { Description = "Forbidden" });
OpenApiSecurityRequirement bearerSecurityRequirement = new OpenApiSecurityRequirement();
bearerSecurityRequirement[new OpenApiSecurityScheme()
{
Type = SecuritySchemeType.Http,
Scheme = "Bearer",
BearerFormat = "JWT",
In = ParameterLocation.Header,
Name = "api_key",
}] = new List<String>();
OpenApiSecurityRequirement oauth2SecurityRequirement = new OpenApiSecurityRequirement();
oauth2SecurityRequirement[new OpenApiSecurityScheme()
{
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows() {
Implicit = new OpenApiOAuthFlow()
{
AuthorizationUrl = new Uri("<authorization url here>"),
TokenUrl = new Uri("<token url here>"),
Scopes = requiredScopes.ToDictionary(x => x) // TODO: Fix descriptions
}
},
In = ParameterLocation.Header,
Name = "oauth2"
}] = new List<String>(requiredScopes);
operation.Security = new List<OpenApiSecurityRequirement>
{
bearerSecurityRequirement,
oauth2SecurityRequirement
};
在生成的swagger doc / openapi doc的json输出中,我只是看到了该操作:
"security": [
{},
{}
]
我想我的目标是按照OpenAPI标准生成以下json,其中api_key和oauth2只是我的安全方案的名称。
"security" : [
{
"api_key": []
},
{
"oauth2": [
"<scope1>",
"<scope2>"
]
}
是否有任何文档或可能更完整的示例来实际演示如何为oauth2和api密钥方法声明受保护的端点?
谢谢
菲利普