I am developing a Web API with .NET Core 3.0 and want to integrate it with SwashBuckle.Swagger. It is working fine, but when I add JWT authentication, it does not work as I expect. To do that, I added the code below:
    services.AddSwaggerGen(c =>
    {
        c.SwaggerDoc("v1", new Microsoft.OpenApi.Models.OpenApiInfo { Title = "My Web API", Version = "v1" });
        c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
        {
            Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
            Name = "Authorization",
            In = ParameterLocation.Header,
            Type = SecuritySchemeType.ApiKey
        });
    });
After adding the AddSecurityDefinition function, I can see the Authorize button, and when I click it, I see the form below:
Then I type Bearer WhatEverApiKeyIsfgdgdgdg845734987fgdhgiher635kjh. After doing that, I expect to see authorization: Bearer WhatEverApiKeyIsfgdgdgdg845734987fgdhgiher635kjh in the request's header when I send a request to the Web API from Swagger. But authorization is not added to the request header. I am using SwashBuckle.Swagger (5.0.0-rc3). Please note there are many samples which work fine on .NET Core 2.0, but the Swashbuckle Swagger functions have changed in the latest version, so I cannot use those samples.
If you don't want to add a token manually and you want the scopes to be selectable along with passing a clientId to the identity server you can add something like this.
I have used implicit flow, but you can configure any flow using the following mechanism:
The output will be like this:
After some research, I eventually found the answer here
Before seeing this page, I knew that I should use AddSecurityRequirement after AddSecurityDefinition because of many samples, but it was a problem that the function parameters have changed on .NET Core 3.0. By the way, the final answer is as below:
If you are using Swagger 3.0 then it has built-in support for JWT authentication.
You need to use ParameterLocation.Header, SecuritySchemeType.Http, bearer, and JWT in OpenApiSecurityScheme as shown below.
After this, you wouldn't need to specify the token in Bearer {token} format. Only specify the token and the security scheme will automatically apply it in the header.
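The two steps the answers above describe (an HTTP bearer definition, then an AddSecurityRequirement that references it), written out as an added example that is not code from any of the posts. It assumes Swashbuckle.AspNetCore 5.x on ASP.NET Core 3.0; the namespace, class and method names are hypothetical.

```csharp
using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models;

namespace MyWebApi   // hypothetical namespace
{
    public static class SwaggerJwtExtensions   // hypothetical helper, not a Swashbuckle type
    {
        // The requirement must reference the definition by this exact id.
        public const string SchemeId = "Bearer";

        // Call from Startup.ConfigureServices: services.AddSwaggerWithJwtBearer();
        public static IServiceCollection AddSwaggerWithJwtBearer(this IServiceCollection services)
        {
            return services.AddSwaggerGen(c =>
            {
                c.SwaggerDoc("v1", new OpenApiInfo { Title = "My Web API", Version = "v1" });

                // Step 1: define the scheme. With Type = Http and Scheme = "bearer",
                // Swagger UI prepends "Bearer " to whatever is typed in the dialog.
                c.AddSecurityDefinition(SchemeId, new OpenApiSecurityScheme
                {
                    Description = "Paste the JWT only; the \"Bearer \" prefix is added for you.",
                    Name = "Authorization",
                    In = ParameterLocation.Header,
                    Type = SecuritySchemeType.Http,
                    Scheme = "bearer",
                    BearerFormat = "JWT"
                });

                // Step 2: require the scheme. Without this, the Authorize dialog
                // accepts a value but no Authorization header is sent.
                c.AddSecurityRequirement(new OpenApiSecurityRequirement
                {
                    {
                        new OpenApiSecurityScheme
                        {
                            Reference = new OpenApiReference
                            {
                                Type = ReferenceType.SecurityScheme,
                                Id = SchemeId
                            }
                        },
                        new string[] { }   // no OAuth2 scopes for a plain bearer token
                    }
                });
            });
        }
    }
}
```

This only controls what Swagger UI sends; the API still has to validate the token through its own JWT bearer authentication setup.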