Nswag: Does not support API key authentication

Any update on this?

Because authentication differs in many scenarios, you have to implement this yourself... e.g. use the InjectHttpClient option and set the api key header on the injected http client or use a base class (ClientBaseClass) and set the header in the CreateHttpRequestMessageAsync method (UseHttpRequestMessageCreationMethod) and which is retrieved by a config object (ConfigurationClass)

But the whole point of Swagger is to standardize how this works - specifically API Key Authentication. It is completely standardized.

I would also love to see some authentication code generation support. Not for every possible case, but API key and basic authentication would be very nice.

I have played around with the code and I’m close get something working. Would an PR be accepted if I completed this? I will need some help to get the necessary security properties available in the liquid templates. I have done parts of this, but it’s needs some improvement :-)

Its already quite easy to implement that with a ConfigurationClass, BaseClass and an http message creation method on the base class... how would your generated code look like? Do you have a sample? It should be opt-in with a setting if we add that..

I totally agree this should be a setting. I have done that before, it was quite easy as a remember it :-)

If we have a crazy case where both apiKey and basic authentication is accepted like this:

  "apikeytest": {
    "type": "apiKey",
    "description": "TEST_DESCRIPTION",
    "name": "TEST_HEADER",
    "in": "header"
  },
  "basicauthtest": {
    "type": "http",
    "scheme": "basic",
    "in": "header"
  }

Then I would like to generate code like this:

    private string AuthenticationHeaderName = null;
    private string AuthenticationHeaderValue = null;

    public SetupAuthenticationWithApiKey(string apikey)
    {
        AuthenticationHeaderName = "TEST_HEADER";
        AuthenticationHeaderValue = apiKey;
    }

    public SetupAuthenticationWithBasicAuthentication(string username, string password)
    {
        AuthenticationHeaderName = "Authorization";
        AuthenticationHeaderValue = System.Convert.ToBase64String(System.Text.Encoding.GetEncoding("ISO-8859-1").GetBytes(username + ":" + password));
    }

    public ClearAuthentication()
    {
        AuthenticationHeaderName = null;
        AuthenticationHeaderValue = null;
    }

    private void AddAutentication(System.Net.Http.HttpRequestMessage request)
    {
        if(!string.IsNullOrWhitespace(AuthenticationHeaderName) && !string.IsNullOrWhitespace(AuthenticationHeaderValue))
        {
            request.Headers.Add(AuthenticationHeaderName, AuthenticationHeaderValue);
        }
    }

Also, in each method that is using some kind of authentication AddAutentication will be called just before PrepareRequest(client_, request_, urlBuilder_);.

I think that’s it. As I mentioned earlier, I need some advice how to expose some security settings to the Liquid-files. Accept from that it’s quite straightforward I think. Let me know what you think.

Can't you set a base class, enable UseHttpRequestMessageCreationMethod and do that in this just method in the base class (maybe also define a configuration class to inject configs etc.)?

This whole auth code is always user specific and thus I'm a little hesitant to add it to NSwag directly...

Hi @RicoSuter, I agree about the authentication support, its well documented on swagger specification. i.e.
https://swagger.io/docs/specification/authentication/oauth2/