Swashbuckle.aspnetcore: prefix apikey
Do I need to inject a custom index.html to add the "bearer" before my apikey?
When using the following security definition
c.AddSecurityDefinition("bearer", new ApiKeyScheme {
Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = "header",
Type = "apiKey",
});
it generates the following requests
curl -X GET --header 'Accept: application/json' --header 'Authorization: 123456' 'http://localhost:49871/Account/2'
Id like the header to unclude the "bearer" prefix.
VisualBean
All 4 comments
I like the idea. Or is this already possible in some other way?
bert2
on 29 Nov 2017
I am not able to use Bearer authentication because of this issue. The code below did not work for me:
options.AddSecurityDefinition("Bearer", new ApiKeyScheme
{
Name = "Authorization",
In = "header"
});
options.AddSecurityRequirement(new Dictionary<string, IEnumerable<string>>
{
{ "Bearer", new string[] { } }
});
There is another way to use Bearer authentication?
The word "Bearer" missing on "Authentication" request header parameter:
curl -X GET "http://localhost:5000/v1/user/get-user-by-email/email.com.br" -H "accept: application/json" -H "Authorization: my_JWT_Token_is_here"
jlnpinheiro
on 13 Jun 2018
+1
RESULT:
Authorization: eyJ0e...
EXPECTED:
Authorization: Bearer eyJ0e...
Bearer should be inserted here for me, configurable, since not all auth types need this.
Workaround:
Paste "Bearer " into the field yourself, with a space, and then your token.
HOWEVER, it's really annoying to have to add it myself because typically I copy/paste the JWT from where I generated it elsewhere, and I sure don't want to have to edit that dang little value input field when I simply want to Authorize with Swagger.
dapug
on 10 Jan 2019
Swashbuckle.AspNetCore 5.0.0 (currently available as a beta package) supports the Swagger/OpenAPI spec 3.0, which in turn supports a "bearer" security scheme. See https://swagger.io/docs/specification/authentication/bearer-authentication/ for more details.
This means you can use this scheme instead of the "apiKey" scheme to get the exact behavior your looking for in the swagger-ui. Here's some example code for defining and requiring this scheme type with Swashbuckle.AspNetCore 5.0.0-beta:
```csharp
services.AddSwaggerGen(c =>
{
…
c.AddSecurityDefinition("bearer", new OpenApiSecurityScheme { Type = SecuritySchemeType.Http, Scheme = "bearer", BearerFormat = "JWT" });
c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "bearer" }
},
new string[] {}
}
});
});
domaindrivendev
on 26 Feb 2019
Related issues
rgelb
·
3Comments
TimmyGilissen
·
3Comments
m-demydiuk
·
3Comments
brucewilkins
·
3Comments
gabeluci
·
3Comments
Most helpful comment
Swashbuckle.AspNetCore 5.0.0 (currently available as a beta package) supports the Swagger/OpenAPI spec 3.0, which in turn supports a "bearer" security scheme. See https://swagger.io/docs/specification/authentication/bearer-authentication/ for more details.
This means you can use this scheme instead of the "apiKey" scheme to get the exact behavior your looking for in the swagger-ui. Here's some example code for defining and requiring this scheme type with Swashbuckle.AspNetCore 5.0.0-beta:
```csharp
services.AddSwaggerGen(c =>
{
…
});