Swagger authorization not working (401 error) #14

Closed
workcontrolgit opened this issue Aug 16, 2020 · 3 comments
Labels
help wanted Extra attention is needed

Comments

@workcontrolgit

First, THANK YOU for creating and sharing the template.

Background: The ApiBoilerPlate was used to generate a WebAPI project. After adding the [Authorize] attribute to the PersonsController, the endpoints require a Bearer JWT access token as expected. However, accessing any endpoint in the PersonsController will get 401.

Issue - Para authorization and bearer token are not included in the header upon submit in Swagger. External testing using Postman worked fine.

Fix - Made the following changes in Infrastructure\Installers\RegisterSwagger.cs

            options.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
            {
                Scheme = "Bearer",
                Description = "Enter 'Bearer' following by space and JWT.",
                Name = "Authorization",
                //Type = SecuritySchemeType.Http,
                Type = SecuritySchemeType.ApiKey,
                In = ParameterLocation.Header,
            });

See below for the code -
https://github.com/workcontrolgit/EmployeeProfileWebAPIDemo/blob/master/EmployeeProfile/EmployeeProfile/Infrastructure/Installers/RegisterSwagger.cs

I will fork and submit a pull request.

@proudmonkey
Owner

@workcontrolgit

Thanks for the feedback! Bearer tokens should use http SecuritySchemeType. The ApiKey type is used for Api Keys and cookie authentication. Read more here: https://swagger.io/docs/specification/authentication/

Which version of Swashbuckle.AspNetCore.Swagger are you using? If you are using version 5.5.x then you can do something like this:

// Requires: using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.OpenApi.Models;
services.AddSwaggerGen(options =>
{
    options.SwaggerDoc("v1", new OpenApiInfo { Title = "MyApi", Version = "v1" });

    var securityScheme = new OpenApiSecurityScheme
    {
        Name = "JWT Authentication",
        Description = "Enter JWT token.",
        In = ParameterLocation.Header,
        Type = SecuritySchemeType.Http,
        Scheme = "bearer",
        BearerFormat = "JWT",
        Reference = new OpenApiReference
        {
            Id = JwtBearerDefaults.AuthenticationScheme,
            Type = ReferenceType.SecurityScheme
        }
    };

    options.AddSecurityDefinition(securityScheme.Reference.Id, securityScheme);
    options.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        { securityScheme, new string[] { } }
    });
});

@improwise

improwise commented Oct 1, 2020

This is also nice since you don't need to have the "bearer JWTtoken" anymore in Swagger but just "JWTtoken".

Just don't forget to add:

options.OperationFilter<SwaggerAuthorizeCheckOperationFilter>();

to the end of AddSwaggerGen() :)

There is a nice article on this at https://codeburst.io/api-security-in-swagger-f2afff82fb8e
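
Added example, not part of the thread and not the linked article's code: one possible implementation of an operation filter with the name used above, which attaches the bearer requirement only to actions marked [Authorize] and skips [AllowAnonymous] ones. It assumes Swashbuckle.AspNetCore 5.x and that the security scheme was registered under the id JwtBearerDefaults.AuthenticationScheme ("Bearer"), as in the snippet earlier in the thread.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.SwaggerGen;

// Illustrative implementation (an assumption, not the article's class).
// Swagger UI only sends the Authorization header for operations that carry
// a security requirement, so this adds one per protected action.
public class SwaggerAuthorizeCheckOperationFilter : IOperationFilter
{
    public void Apply(OpenApiOperation operation, OperationFilterContext context)
    {
        var method = context.MethodInfo;
        var controller = method.DeclaringType;

        // [AllowAnonymous] at either level bypasses any [Authorize].
        bool anonymous =
            method.GetCustomAttributes(true).OfType<AllowAnonymousAttribute>().Any() ||
            (controller?.GetCustomAttributes(true).OfType<AllowAnonymousAttribute>().Any() ?? false);
        bool authorize =
            method.GetCustomAttributes(true).OfType<AuthorizeAttribute>().Any() ||
            (controller?.GetCustomAttributes(true).OfType<AuthorizeAttribute>().Any() ?? false);

        if (anonymous || !authorize) return;

        // Document what a caller without a valid token will receive.
        operation.Responses.TryAdd("401", new OpenApiResponse { Description = "Unauthorized" });
        operation.Responses.TryAdd("403", new OpenApiResponse { Description = "Forbidden" });

        // The reference id must match the id passed to AddSecurityDefinition.
        var scheme = new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference
            {
                Type = ReferenceType.SecurityScheme,
                Id = JwtBearerDefaults.AuthenticationScheme
            }
        };
        operation.Security = new List<OpenApiSecurityRequirement>
        {
            new OpenApiSecurityRequirement { [scheme] = Array.Empty<string>() }
        };
    }
}
```

If the document-wide AddSecurityRequirement call is kept as well, every operation already carries the requirement; the filter is what scopes the padlock and the header to protected endpoints only.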

@proudmonkey added the "help wanted" label Oct 23, 2020
@workcontrolgit
Author

@proudmonkey
I use Swashbuckle.AspNetCore.Swagger v5.1.0

@improwise
Thank you for the reference
