Feature Request: SwaggerUI Auth Options #389

Open
ctraftoncodes opened this issue Mar 17, 2022 · 11 comments
Labels
discussion enhancement New feature or request

Comments

@ctraftoncodes

Describe the issue
SwashBuckle.ASpDotnetCore provides built-in UI support for OAuth 2.0 flows that help developers quickly stand up Swagger UIs with data pre-filled in, such as OAuth ClientIds, etc. This also reduces the amount of configuration the user needs to do per function and would reduce the developer's need to copy and paste this information from another source.

Would it be possible for this to support such functionality or would that fall out of scope for the intended use of the extension?

If not, since SwashBuckle is not compatible with Az Functions, do you have a suggested way I might pre-fill this?

Screenshots
For example, with SwashBuckle, I can configure the SwaggerUI such that the API itself can fill this out without the user needing to copy and paste these kinds of secrets from elsewhere:
image

@usamaa9

usamaa9 commented Mar 18, 2022

This would be very useful for my project as well

@justinyoo
Contributor

@ctraftoncodes Thanks for the issue! We already support OAuth2 authentication. But it seems that you want some extra features in addition to it. Would you please elaborate?

@DanMannMann

DanMannMann commented Mar 23, 2022

> @ctraftoncodes Thanks for the issue! We already support OAuth2 authentication. But it seems that you want some extra features in addition to it. Would you please elaborate?

@justinyoo I'm facing a similar situation. Using swashbuckle as a basis for comparison, if you check out the class OAuthConfigObject it exposes properties allowing the client id and selected scopes to be pre-set in swagger UI; that's really just a convenience, but a very convenient one, particularly for my testers.

More importantly for my use case it provides a property UsePkceWithAuthorizationCodeGrant. Specifically I'm trying to configure swagger UI to allow sign-in to the same AzureAD B2C tenant/client that our Angular webapp uses, and without access to PKCE configuration that's not currently possible. However it's unclear from the OpenAPI.NET repo whether they support 3.1.0 yet, which is when PKCE support appears, so this may be contingent on one of your dependencies updating first.

@ctraftoncodes
Author

@DanMannMann that is the use case I am referring to - it would be nice to be able to pre-set a few values the way that you have described with Swashbuckle's OAuthConfigObject. For my use case, it is, as described, simply a convenience that would help us when testing and remove the need to copy and paste the ClientID for OAuth2.

I understand this may be out of scope for this package, but it could be useful, as others have described.

Please let me know @justinyoo if I can provide further clarification. :)

@justinyoo
Contributor

justinyoo commented Mar 23, 2022

> More importantly for my use case it provides a property UsePkceWithAuthorizationCodeGrant. Specifically I'm trying to configure swagger UI to allow sign-in to the same AzureAD B2C tenant/client that our Angular webapp uses, and without access to PKCE configuration that's not currently possible. However it's unclear from the OpenAPI.NET repo whether they support 3.1.0 yet, which is when PKCE support appears, so this may be contingent on one of your dependencies updating first.

@DanMannMann Unfortunately, this package relies on OpenAPI.NET and it's currently v1.2.3 - supports OpenAPI spec v3.0.1. Therefore PKCE support is not there yet. When OpenAPI.NET package supports PKCE then we can also support it.

@justinyoo
Contributor

@ctraftoncodes Oh I see. Let's keep this discussion open and see how it goes. I don't currently have a clear roadmap on this, though.

@jason-daly

Any progress on adding support for allowing the client id and selected scopes to be pre-set in swagger UI?

@Infionion

There is an item on the OpenAPI GitHub that concerns updating to 3.1.0.
microsoft/OpenAPI.NET#795

According to the milestones set here it might see daylight at the end of March this year. Subsequently, work has to be planned for this extension of course :-) So I'm rooting for you folks!! ;-) Thanks in advance.

I'm really waiting for this :-) I've resorted to Token retrieval using PostMan, but I would love to have this within the swaggerui.


@mjansrud

+1

@bjorkstromm

I'd say the problem is that this extension lacks decent extension points for configuring SwaggerUI. I managed to get PKCE working and to configure the default ClientId, scopes, etc. by injecting custom JavaScript which configures OAuth after the swagger bundle is configured and assigned to window.ui.

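```csharp
// Register custom UI options so extra JavaScript is served with the Swagger UI page.
services.AddSingleton<IOpenApiCustomUIOptions>( _ =>
{
    var assembly = Assembly.GetExecutingAssembly();
    var options = new OpenApiCustomUIOptions( assembly )
    {
        GetStylesheet = () => Task.FromResult( string.Empty ),
        GetJavaScript = () => Task.FromResult(
            """
            // Pre-fill the OAuth2 dialog once the Swagger UI instance exists.
            // Everything in this object is sent to the browser with the page.
            function onValueUpdate(ui) {
               ui.initOAuth({
                    clientId: "<my_client_id>",
                    clientSecret: "<my_client_secret>",
                    scopeSeparator: " ",
                    scopes: "openid profile",
                    usePkceWithAuthorizationCodeGrant: true
               });
            }

            // Turn window.ui into an accessor so that the assignment made by
            // the default index.html triggers onValueUpdate.
            Object.defineProperties(window, {
                _ui: {
                    value: 'object',
                    writable: true
                },
                ui: {
                    get: function() {
                        return this._ui;
                    },
                    set: function(val) {
                        this._ui = val;
                        onValueUpdate(this._ui);
                    }
                }
            });
            """ )
    };

    return options;
} );
```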

It needed some tweaking because of how the default index.html looks.
https://github.com/Azure/azure-functions-openapi-extension/blob/main/src/Microsoft.Azure.WebJobs.Extensions.OpenApi.Core/dist/index.html#L36-L62

A better option would be to do like Swashbuckle.
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/blob/master/src/Swashbuckle.AspNetCore.SwaggerUI/index.js

Swagger UI OAuth2 configuration docs:
https://swagger.io/docs/open-source-tools/swagger-ui/usage/oauth2/
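
For readers following the PKCE part of this thread, an added example (not code from the thread, from this extension or from Swagger UI): the RFC 7636 S256 exchange in Node.js, showing what the client sends when PKCE is used with the authorization code grant and what the authorization server checks at token exchange. The endpoint, client id, redirect URI and function names are constructed for illustration.

```javascript
// Added example: PKCE (RFC 7636, S256) from both sides of the exchange.
// All names and sample values below are constructed, not taken from the thread.
const crypto = require("crypto");

// Client: one fresh, high-entropy verifier per authorization request.
// 32 random bytes encode to a 43-character base64url string.
function createPkcePair() {
  const codeVerifier = crypto.randomBytes(32).toString("base64url");
  const codeChallenge = crypto
    .createHash("sha256")
    .update(codeVerifier, "ascii")
    .digest("base64url");
  return { codeVerifier, codeChallenge };
}

// Client: the authorization request carries only the challenge.
// The verifier stays in the client until the token request.
function buildAuthorizeUrl(endpoint, clientId, redirectUri, scopes, codeChallenge, state) {
  const url = new URL(endpoint);
  url.search = new URLSearchParams({
    response_type: "code",
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: scopes,
    state,
    code_challenge: codeChallenge,
    code_challenge_method: "S256",
  }).toString();
  return url.toString();
}

// Authorization server: at token exchange, recompute the challenge from the
// presented verifier and compare it with the one stored alongside the code.
function verifierMatches(codeVerifier, storedChallenge) {
  // RFC 7636 section 4.1: 43 to 128 characters from the unreserved set.
  if (!/^[A-Za-z0-9\-._~]{43,128}$/.test(codeVerifier)) return false;
  const expected = crypto.createHash("sha256").update(codeVerifier, "ascii").digest();
  const stored = Buffer.from(storedChallenge, "base64url");
  return stored.length === expected.length && crypto.timingSafeEqual(stored, expected);
}
```

The authorization request built here contains no `client_secret`: the code is bound to the verifier, which is the property PKCE gives a public client such as a browser-hosted UI.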

@jazuntee

@justinyoo Updates on this extension appear to have gone stagnant. Are there any plans to release new versions that implement features like PKCE in Swagger UI?
