ASP.NET WebAPI with Swagger: enabling the OAuth 2.0 configuration
After integrating Swagger into an ASP.NET WebAPI project, debugging became inconvenient because the API uses IdentityServer for authentication. The Swashbuckle documentation shows that an OAuth 2.0 configuration is supported; the implicit grant type is used here, and the exchange proceeds as follows:
Implicit Grant Type
Parameters:
- response_type: the authorization type; the value here is fixed to "token". Required.
- client_id: the client's ID. Required.
- redirect_uri: the redirect URI. Optional.
- scope: the requested permission scope. Optional.
- state: the client's current state; any value may be given, and the authorization server returns it unchanged.
The authorization server answers the client with a redirect URI containing these parameters:
- access_token: the access token. Required.
- token_type: the token type; the value is case-insensitive. Required.
- expires_in: the lifetime in seconds. If this parameter is omitted, the expiry must be set some other way.
- scope: the granted scope; may be omitted if it matches what the client requested.
- state: if the client's request contained this parameter, the authorization server's response must contain it unchanged.

```http
HTTP/1.1 302 Found
Location: http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA
          &state=xyz&token_type=example&expires_in=3600
```
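The redirect above puts the token in the URL fragment, which the browser never sends to the server, so the checks on it (required fields, the `state` echo, a sane `expires_in`) belong to the client that receives the callback. The following is an added example, not code from the original post or from Swashbuckle: a small C# parser for that callback that rejects a response whose `state` does not match the one the client sent. The class and method names (`ImplicitCallback`, `Parse`) are hypothetical, and the callback URL in `Main` is constructed from the 302 response shown above.

```csharp
using System;
using System.Collections.Generic;
using System.Net;

// Hypothetical client-side model of the implicit-grant callback (added example).
public sealed class ImplicitCallback
{
    public string AccessToken { get; private set; }
    public string TokenType { get; private set; }   // compare case-insensitively
    public int? ExpiresIn { get; private set; }
    public string Scope { get; private set; }
    public string State { get; private set; }

    // Parses the fragment of the redirect URI and verifies it against the
    // state value this client sent in its authorization request.
    public static ImplicitCallback Parse(Uri redirect, string expectedState)
    {
        // Uri.Fragment includes the leading '#'
        var fragment = redirect.Fragment.TrimStart('#');
        var fields = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (var pair in fragment.Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
        {
            var idx = pair.IndexOf('=');
            var key = WebUtility.UrlDecode(idx < 0 ? pair : pair.Substring(0, idx));
            var value = idx < 0 ? "" : WebUtility.UrlDecode(pair.Substring(idx + 1));
            fields[key] = value;
        }

        // The server may return an error instead of a token.
        string error;
        if (fields.TryGetValue("error", out error))
            throw new InvalidOperationException("authorization failed: " + error);

        // Required parameters.
        string token, tokenType;
        if (!fields.TryGetValue("access_token", out token) || token.Length == 0)
            throw new InvalidOperationException("missing access_token");
        if (!fields.TryGetValue("token_type", out tokenType) || tokenType.Length == 0)
            throw new InvalidOperationException("missing token_type");

        // state must come back unchanged; a mismatch means this callback was not
        // produced by the request this client issued, so the token is discarded.
        string state;
        fields.TryGetValue("state", out state);
        if (expectedState != null && !string.Equals(state, expectedState, StringComparison.Ordinal))
            throw new InvalidOperationException("state mismatch");

        // expires_in is optional, but if present it must be a positive number of seconds.
        int? expiresIn = null;
        string expires;
        if (fields.TryGetValue("expires_in", out expires))
        {
            int seconds;
            if (!int.TryParse(expires, out seconds) || seconds <= 0)
                throw new InvalidOperationException("invalid expires_in");
            expiresIn = seconds;
        }

        string scope;
        fields.TryGetValue("scope", out scope);

        return new ImplicitCallback
        {
            AccessToken = token, TokenType = tokenType, ExpiresIn = expiresIn,
            Scope = scope, State = state
        };
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed callback URL, matching the 302 Location shown above.
        var cb = new Uri("http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA"
                         + "&state=xyz&token_type=example&expires_in=3600");

        var ok = ImplicitCallback.Parse(cb, "xyz");
        Console.WriteLine("token {0}, type {1}, expires in {2}s", ok.AccessToken, ok.TokenType, ok.ExpiresIn);

        try
        {
            ImplicitCallback.Parse(cb, "some-other-state"); // state does not match
        }
        catch (InvalidOperationException e)
        {
            Console.WriteLine("rejected: " + e.Message);
        }
    }
}
```

Swagger UI performs the same role for the `o2c-html` callback page registered in the client below; the point of the example is that the `state` comparison is what ties the returned token to the request the client actually made.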
Enabling the OAuth 2.0 configuration in Swagger
Configure the client in IdentityServer (Idsrv):

```csharp
using System.Collections.Generic;
using IdentityServer3.Core.Models;

// One entry in the IdentityServer client list
new Client
{
    ClientName = "Test_API_Flow",
    ClientId = "api_test_api_flow",
    Flow = Flows.Implicit,
    ClientUri = "https://identityserver.io",
    RequireConsent = true,
    AllowRememberConsent = true,
    // Swagger UI's OAuth2 callback page; the redirect_uri must match this exactly
    RedirectUris = new List<string>
    {
        "http://localhost:39106/swagger/ui/o2c-html",
    },
    // Origin of the Swagger UI page, needed for the browser's CORS checks
    AllowedCorsOrigins = new List<string> { "http://localhost:39106" },
    AccessTokenLifetime = 3600,
    AccessTokenType = AccessTokenType.Jwt,
    AllowAccessToAllScopes = true
},
```

API:
```csharp
using System.Collections.Generic;
using IdentityServer3.AccessTokenValidation;
using Owin;

// OWIN startup: validate bearer tokens against IdentityServer and
// require at least one of the listed scopes on every authorized call
app.UseIdentityServerBearerTokenAuthentication(new IdentityServerBearerTokenAuthenticationOptions
{
    Authority = IdsvSetting.Authority,
    ValidationMode = ValidationMode.ValidationEndpoint,
    RequiredScopes = new List<string> { "all", "user", "order" }
});
```

```csharp
using System.Threading.Tasks;
using System.Web.Http;
using NLog;

/// <summary>
/// Breakfast controller
/// </summary>
[RoutePrefix("api/v1/breakfast")]
public class BreakfastController : ApiController
{
    private static readonly Logger logger = LogManager.GetCurrentClassLogger();

    /// <summary>
    /// Breakfast service
    /// </summary>
    private readonly IBreakfastService _breakfastService;

    /// <summary>
    /// Constructor
    /// </summary>
    /// <param name="breakfastService">Breakfast service</param>
    public BreakfastController(IBreakfastService breakfastService)
    {
        _breakfastService = breakfastService;
    }

    #region Get the hotels of the restaurants associated with a hotel
    /// <summary>
    /// Get the hotels of the restaurants associated with a hotel
    /// </summary>
    /// <param name="hotelcd">Hotel code</param>
    /// <returns>The hotels of the restaurants associated with the hotel</returns>
    [Authorize]
    [HttpGet]
    [Route("{hotelcd}/mapping")]
    public async Task<IHttpActionResult> GetXhotelBreakfastHotelMappingRequest(string hotelcd)
    {
        var response = await _breakfastService.GetXhotelBreakfastHotelMappingRequest(hotelcd);
        return Json(response);
    }
    #endregion
}
```

Configure SwaggerConfig:
```csharp
using System.Collections.Generic;
using System.Linq;
using System.Web.Http;
using System.Web.Http.Description;
using Swashbuckle.Application;
using Swashbuckle.Swagger;

// Authorization request that Swagger UI builds from this configuration, e.g.:
// https://tsso.xxx.cn/connect/authorize?response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A39106%2Fswagger%2Fui%2Fo2c-html&realm=test-realm&client_id=api_test_api_flow&scope=all%20%20&state=oauth2

// Inside EnableSwagger(c => { ... }): describe the OAuth2 implicit flow
c.OAuth2("oauth2")
    .Description("OAuth2 Implicit Grant")
    .Flow("implicit")
    .AuthorizationUrl("https://tsso.xxx.cn/connect/authorize")
    //.TokenUrl("https://sso.xxx.cn/connect/token")
    .Scopes(scopes =>
    {
        scopes.Add("all", "all access to protected resources");
        scopes.Add("user", "user access to protected resources");
        scopes.Add("order", "order access to protected resources");
    });

// ...

c.OperationFilter<AssignOAuth2SecurityRequirements>();

// Inside EnableSwaggerUi(c => { ... }): let Swagger UI start the flow as this client
c.EnableOAuth2Support(
    clientId: "api_test_api_flow",
    clientSecret: null,
    realm: "test-realm",
    appName: "Swagger UI"
    //additionalQueryStringParams: new Dictionary<string, string>() { { "foo", "bar" } }
);
```

```csharp
// Attaches the "oauth2" security requirement to every operation that
// is not anonymous, so Swagger UI sends the token with those requests
public class AssignOAuth2SecurityRequirements : IOperationFilter
{
    public void Apply(Operation operation, SchemaRegistry schemaRegistry, ApiDescription apiDescription)
    {
        var actFilters = apiDescription.ActionDescriptor.GetFilterPipeline();
        // Actions that override controller-level authorization are treated as anonymous.
        // [AllowAnonymous] is a plain attribute rather than a filter, so it never appears
        // in the filter pipeline and has to be read with GetCustomAttributes instead.
        var allowsAnonymous =
            actFilters.Select(f => f.Instance).OfType<OverrideAuthorizationAttribute>().Any()
            || apiDescription.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Any();
        if (allowsAnonymous)
            return; // anonymous action: no OAuth2 requirement

        if (operation.security == null)
            operation.security = new List<IDictionary<string, IEnumerable<string>>>();

        var oAuthRequirements = new Dictionary<string, IEnumerable<string>>
        {
            { "oauth2", new List<string> { "all", "user", "order" } }
        };
        operation.security.Add(oAuthRequirements);
    }
}
```
OK, the configuration is complete. Click the red circle (the Authorize button); after a successful login the browser is redirected (302) to http://localhost:39106/swagger/ui/o2c-html.
You can, of course, also log out of the authorization:
References:
https://www.scottbrady91.com/Identity-Server/ASPNET-Core-Swagger-UI-Authorization-using-IdentityServer4
https://stackoverflow.com/questions/33752900/enable-oauth2-client-credentials-flow-in-swashbuckle
https://stackoverflow.com/questions/29275499/swagger-swashbuckle-oauth2-with-resource-owner-password-credentials-grant?rq=1
http://knowyourtoolset.com/2015/08/secure-web-apis-with-swagger-swashbuckle-and-oauth2-part-2/
Reposted from: https://www.cnblogs.com/Irving/p/7275065.html