Swashbuckle.aspnetcore: Bearer Token

As per the Swagger spec, a "security definition" is not enough, you also need to assign applicable operations to the defined scheme. All described in the Swashbuckle readme

@mjabian were you able to achieve this? I need tom implement exactly this.

@domaindrivendev can you please suggest how to do this in ASP.NET Core? any link?

@mjabian

I tried your solution, fortunately it worked for me with a minor change (not in your code). I used below part of your code

x.AddSecurityDefinition("Bearer", new ApiKeyScheme()
{
    Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
    Name = "Authorization",
    In = "header",
    Type = "apiKey"
});

It creates an Authorize button in Swagger UI like below for me

When I click this button, it opens up a popup where I was able to put JWT value. It didn't work.

I observed the request using F12 tools and found that the required header was being added but suffix bearer was not added. So, I just put this manually in token value like bearer <token-here>. And, yo, It worked!!.

Thanks a lot to you.

@goforgold @mjabian Thanks guys. worked for me!

This feature is working just for version 1.X not 2.X, so I have downgrade to v1.2 and it is sending the token.

I agree, this is not working in 2.X. I also had to downgrade. It looked like the Authorization header was not being included in the request.

I can see there is a new UI, so this feature has been broken.

@ajbeaven @Behnam-Emamian - to get this to work in 2.x, you need to accompany your scheme _definition_ with a corresponding _requirement_ to indicate that the scheme is applicable to all operations in your API:

c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
    { "Bearer", new string[] { } }
});

__NOTE__: it turns out that the old UI worked without this despite being an incomplete description, as per the Swagger 2.0 spec. The new swagger-ui _correctly_ requires this

YAS! Thank You @domaindrivendev!!

Did anyone else figure out why swagger-ui doesn't include the Bearer prefix to the auth token? Or is it expected we provide it on input?

Hi @replaysMike, it is expected (to my understanding) that the user supplies the "Bearer " prefix along with the JWT Token when pasting it via the Swagger UI.

services.AddSwaggerGen(options =>
{
    options.AddSecurityDefinition("Bearer", new ApiKeyScheme
    {
        Name = "Authorization",
        In = "header"
    });

    options.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
    {
        { "Bearer", new string[] { } }
    });
});

This did not work for me in version 2.5.0. Has anyone else found a solution to this problem? The "Bearer" word still missing in "Authentication" header request parameter.

@jlnpinheiro the user must supply that word, as @gakees says.
It's working for me with the same configuration you have, I also added a description to warn the user to write authentication as Bearer {token}

c.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
    { "Bearer", new string[] { } }
});

c.AddSecurityDefinition("Bearer", new ApiKeyScheme()
{
    Description = "JWT Authorization header using the Bearer scheme. Example: \"Bearer {token}\"",
    Name = "Authorization",
    In = "header",
    Type = "apiKey"
});

Thanks for the help my friend, @keycad! Problem resolved!

Isn't there a way to always prepend bearer to user supplied tokens?

I tried and didn't find one... but I'll be pleased if you know how