Swashbuckle.aspnetcore: OAuth

I tried the code from security example but it doesn't show in UI. If I copy paste it into swagger editor, it works?

The SecuritySchemes sample demonstrates an OAuth configuration. Works perfectly when I run it. You'll have to provide a little more info to troubleshoot why it's not working for you. What does your swagger config look like? What does your Operation Filter (i.e. to assign security requirements) look like? What specifcially are seeing or not seeing on the UI?

Okay I got it working so far.
I loaded the solution, included the nuget two packages Swashbuckle and Swashbuckle.Swagger, included the bower package swagger-ui and got the folder lib. I copied the lib/swagger-ui/dist folder to /swagger/ui.

I added the AssignSecurityRequirements like in the sample project and this is my configuration:

C# options.SecurityDefinitions.Add("oauth2", new OAuth2Scheme { Type = "oauth2", Flow = "client credentials", AuthorizationUrl = "https://identity.de/core", Description = "Client credentials needed", Scopes = new Dictionary<string, string> { { "read", "read access" }, { "write", "write access" } } });

If i try to authorize, i get a redirect to the following url:
http://localhost:9876/swagger/ui/null&redirect_uri=http://localhost:9876/swagger/ui/o2c.html&realm=your-realms&client_id=your-client-id&scope=tts.commerce_connector.read,tts.commerce_connector.write&state=

I found those settings in index.html file but changes didnt take effect.
I changed the flow to implicit and changed the client_id within the url and that works.
Where do i have to make the changes to client_id and realm?
In the expample application there are also those placeholders.

I think because swagger is a "browser only" application, only implicit flow is supported?

Same question; how are we supposed to set client_id, realm, etc. for oAuth?

The only way I can find currently is to override the entire index.html, but that seems rather brittle.

Are there plans to add additional config options to the SwaggerUIMiddleware? It already does variable replacement, it just doesn't seem to take in very many variables in the current build

@domaindrivendev any update on setting client_id, realm etc.?

Having the same issue here regarding clientId... for now I've updated my openId server to accept "your-client-id" as the id to move forward.

We also need to be able to set the resource

I worked around this with gulp tasks. Basically, I moved index.html to an /App folder, then have gulp tasks that use gulp-replace to set the client-id to the right value, then copy the result file to the right place under the wwwroot folder.

I'm using the standard VS publishing feature. You can control which gulp tasks get run and when by using the scripts section in project.json like this:

"scripts": {
"prepublish": "gulp publish",
"postpublish": "gulp dev"
}

In my case, the publish gulp task writes a version suitable for the remote server I'm deploying to, then the dev gulp task is run afterwards to put the file back to the way it needs to be on the developer's local workstation.

It gets a little trickier if you have multiple different environments or publish profiles to deal with, each needing differnt gulp tasks to run. There are a bunch of ways to approach that. There is a gulp-msbuild module you might find handy. Also, a good article here: http://www.mikeobrien.net/blog/using-gulp-to-build-and-deploy-dotnet-apps-on-windows/

I'm using SWAGGER & OAUTH2 on my personnal project. The implementation can be found on this url : https://github.com/thabart/SimpleIdentityServer/blob/master/SimpleIdentityServer/src/SimpleIdentityServer.Manager.Host/Startup.cs.
Follow those steps to use OAUTH2 with SWAGGER

• Update the Startup class according to my implementation
• Add the two files "SwaggerUiController" & "Index.cshtml". The source code can be found here : https://github.com/thabart/SimpleIdentityServer/tree/master/SimpleIdentityServer/src/SimpleIdentityServer.Manager.Host/Swagger
• Open "Index.cshtml" & update the client-id & secret.

Thank you @thabart! It's worked. \o/

I don't think this should be closed? There should be a less brittle way of injecting these parameters. I am also getting /swagger/ui/null&redirect_uri=http%3A%2F%2Flocalhost%3A5001%2Fswagger%2Fui%2Fo2c.html&realm=your-realms&client_id=your-client-id&scope=api&state=0.7878473905906194
URL and need to change it. Copying index.cshtml seems a hack? @domaindrivendev

@thabart did you delete your example?

@domaindrivendev how to set client_id, client_secret for oAuth from UI?

You can set the OAuth settings like so:

app.UseSwaggerUi(
    options =>
    {
        var additionalQueryStringParameters = new Dictionary<string, string>()
        {
            { "resource", "My Client ID" }
        };
        options.ConfigureOAuth2(
            "My Client ID",
            "My Client Secret",
            "My Realm",
            "My App Name",
            additionalQueryStringParameters: additionalQueryStringParameters);
    });

However, this does not work if you have a custom index.html file because the above settings are found and replaced in the default index.html file. I managed to get OAuth working by manually also setting the above values in my index.html file (See https://github.com/domaindrivendev/Swashbuckle.AspNetCore/issues/332).

PR https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/205 seems hopeful, in that it will allow having a custom index.html file while also allowing the replacements of the above settings to occur. If anyone has another quick workaround I'd love to know.

@RehanSaeed Thanks but I need to set client_id and client_secret manually by user (not hardcode) from UI