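/// <summary>
/// Registers an OAuth2 client-credentials security scheme under the id "Bearer" and adds a
/// document-wide security requirement that references it.
/// </summary>
/// <param name="setup">Swagger generator options to extend.</param>
public static void AddOAuthSecurity(this Swashbuckle.AspNetCore.SwaggerGen.SwaggerGenOptions setup)
        {
            const string schemeId = "Bearer";

            var flows = new OpenApiOAuthFlows
            {
                ClientCredentials = new OpenApiOAuthFlow
                {
                    TokenUrl = new Uri(OAuthSettings.TokenUrl, UriKind.Relative),
                    Scopes   = OAuthSettings.Scopes
                }
            };

            // NOTE(review): Name, In and Scheme are kept exactly as before. To my knowledge they are
            // only emitted for apiKey/http schemes, so they should have no effect on an OAuth2 scheme;
            // confirm. If this is ever turned into an apiKey scheme, prefer ParameterLocation.Header so
            // the credential does not end up in URLs and access logs.
            var oauthScheme = new OpenApiSecurityScheme
            {
                Type        = SecuritySchemeType.OAuth2,
                Description = "OAuth2 Description",
                Name        = OAuthSettings.AuthHeaderName,
                In          = ParameterLocation.Query,
                Flows       = flows,
                Scheme      = OAuthSettings.SchemeName,
            };

            // Security definition.
            setup.AddSecurityDefinition(schemeId, oauthScheme);

            // Security requirement. The key has to carry a Reference to the registered scheme id:
            // Microsoft.OpenApi skips requirement entries whose key has no Reference when it writes
            // the document, which would leave the published spec without a usable security
            // requirement even though the scheme itself is defined.
            var schemeReference = new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference
                {
                    Type = ReferenceType.SecurityScheme,
                    Id   = schemeId
                }
            };

            var securityRequirements = new OpenApiSecurityRequirement
            {
                // No scopes are demanded here, matching the original empty list.
                { schemeReference, new List<string>() }
            };
            setup.AddSecurityRequirement(securityRequirements);
        }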
예제 #2
 /// <summary>
 /// Builds the security scheme referenced as "AAD": an OAuth2 scheme with a single implicit
 /// flow pointing at the login.microsoftonline.com v2.0 endpoints.
 /// </summary>
 public OpenApiAADSecurityScheme()
 {
     // "putATenantIdHere" is a placeholder in both URLs and must be replaced per deployment.
     var tokenEndpoint = new Uri(
         "https://login.microsoftonline.com/putATenantIdHere/oauth2/v2.0/token");
     var authorizeEndpoint = new Uri(
         "https://login.microsoftonline.com/putATenantIdHere/oauth2/v2.0/authorize");

     // NOTE(review): the implicit grant returns the access token through the browser redirect.
     // Current OAuth guidance favours authorization code with PKCE for interactive sign-in;
     // confirm whether this registration can move to the AuthorizationCode flow.
     var implicitFlow = new OpenApiOAuthFlow
     {
         TokenUrl = tokenEndpoint,
         AuthorizationUrl = authorizeEndpoint,
         // Sample scope names; the collection initializer adds to the flow's existing dictionary.
         Scopes =
         {
             { "my_scope_1", "Scope 1" },
             { "my_scope_2", "Scope 2" },
             { "my_scope_3", "Scope 3" }
         }
     };

     Description =
         "JWT authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\" User interactively authenticates with Azure Active Directory";
     Name = "Authorization";
     Type = SecuritySchemeType.OAuth2;
     Flows = new OpenApiOAuthFlows { Implicit = implicitFlow };

     // Self-reference so the scheme can be used as a security-requirement key under the id "AAD".
     var selfReference = new OpenApiReference();
     selfReference.Type = ReferenceType.SecurityScheme;
     selfReference.Id = "AAD";
     Reference = selfReference;
 }
예제 #3
        /// <summary>
        /// Compares two <see cref="OpenApiOAuthFlows"/> objects flow by flow and records the
        /// per-flow and extension differences.
        /// </summary>
        /// <param name="left">The old flows object; may be null.</param>
        /// <param name="right">The new flows object; may be null.</param>
        /// <returns>The value returned by <c>ChangedUtils.IsChanged</c> for the populated result.</returns>
        public ChangedOAuthFlowsBO Diff(OpenApiOAuthFlows left, OpenApiOAuthFlows right)
        {
            var result = new ChangedOAuthFlowsBO(left, right);

            // Per-flow comparison only happens when both sides exist.
            var eitherMissing = left == null || right == null;
            if (!eitherMissing)
            {
                result.ImplicitOAuthFlow =
                    _openApiDiff.OAuthFlowDiff.Diff(left.Implicit, right.Implicit);
                result.PasswordOAuthFlow =
                    _openApiDiff.OAuthFlowDiff.Diff(left.Password, right.Password);
                result.ClientCredentialOAuthFlow =
                    _openApiDiff.OAuthFlowDiff.Diff(left.ClientCredentials, right.ClientCredentials);
                result.AuthorizationCodeOAuthFlow =
                    _openApiDiff.OAuthFlowDiff.Diff(left.AuthorizationCode, right.AuthorizationCode);
            }

            // Extensions are compared even when one side is null.
            result.Extensions =
                _openApiDiff.ExtensionsDiff.Diff(left?.Extensions, right?.Extensions);

            return ChangedUtils.IsChanged(result);
        }
        /// <summary>
        /// Document filter hook: appends an OAuth2 client-credentials security requirement to
        /// the generated document.
        /// </summary>
        /// <param name="swaggerDoc">The document being post-processed.</param>
        /// <param name="context">Filter context; not used here.</param>
        public void Apply(OpenApiDocument swaggerDoc, DocumentFilterContext context)
        {
            // Only the token endpoint is configured; no AuthorizationUrl is set for this flow.
            var clientCredentials = new OpenApiOAuthFlow();
            clientCredentials.TokenUrl = new Uri(OAuthSettings.OktaTokenUrl, UriKind.Absolute);
            clientCredentials.Scopes = OAuthSettings.Scopes;

            var flows = new OpenApiOAuthFlows { ClientCredentials = clientCredentials };

            // NOTE(review): this scheme has no Reference and is not added to the document's
            // security scheme definitions in this method. A requirement keyed by a scheme without
            // a Reference is, as far as I know, skipped when the document is written; confirm
            // that the published spec really carries this requirement.
            var oauthScheme = new OpenApiSecurityScheme
            {
                Type        = SecuritySchemeType.OAuth2,
                Description = "OAuth2 Description",
                Name        = "Authorization",
                In          = ParameterLocation.Header,
                Flows       = flows,
                Scheme      = OAuthSettings.SchemeName
            };

            // NOTE(review): for an OAuth2 scheme this list is read as required scope names;
            // "Bearer" looks like a scheme name rather than a scope. Verify against OAuthSettings.Scopes.
            var requiredScopes = new List<string> { "Bearer" };

            var requirement = new OpenApiSecurityRequirement();
            requirement.Add(oauthScheme, requiredScopes);

            swaggerDoc.SecurityRequirements.Add(requirement);
        }
예제 #5
 /// <summary>
 /// Visits <see cref="OpenApiOAuthFlows"/> and child objects
 /// </summary>
 internal void Walk(OpenApiOAuthFlows flows)
 {
     // Nothing to visit when the document has no flows object.
     if (flows != null)
     {
         _visitor.Visit(flows);

         // Hand the same object to the extensible overload so its extensions are walked too.
         var extensible = flows as IOpenApiExtensible;
         Walk(extensible);
     }
 }
예제 #6
 /// <summary>
 /// Visits <paramref name="flows"/> and then traverses each of its four flow slots.
 /// </summary>
 /// <param name="flows">The flows object to traverse; null is ignored.</param>
 public void Traverse(OpenApiOAuthFlows flows)
 {
     if (flows != null)
     {
         Visitor.Visit(flows);

         // Fixed order: implicit, password, client credentials, authorization code.
         Traverse(flows.Implicit);
         Traverse(flows.Password);
         Traverse(flows.ClientCredentials);
         Traverse(flows.AuthorizationCode);
     }
 }
예제 #7
        /// <summary>
        /// Converts this object into an <see cref="OpenApiOAuthFlows"/>, converting each flow
        /// that is set and passing the extensions through unchanged.
        /// </summary>
        /// <returns>The newly created <see cref="OpenApiOAuthFlows"/>.</returns>
        internal OpenApiOAuthFlows ToOpenApi()
        {
            var converted = new OpenApiOAuthFlows();

            // A flow that is null on this side stays null on the result.
            converted.Implicit = Implicit?.ToOpenApi();
            converted.Password = Password?.ToOpenApi();
            converted.ClientCredentials = ClientCredentials?.ToOpenApi();
            converted.AuthorizationCode = AuthorizationCode?.ToOpenApi();

            // Extensions are shared by reference, not copied.
            converted.Extensions = Extensions;

            return converted;
        }
        /// <summary>
        /// Reads an OAuth flows object from a parse node by feeding every property of the map
        /// node through the fixed and pattern field tables.
        /// </summary>
        /// <param name="node">The node to read; it is checked as a map node labelled "OAuthFlows".</param>
        /// <returns>The populated <see cref="OpenApiOAuthFlows"/>.</returns>
        public static OpenApiOAuthFlows LoadOAuthFlows(ParseNode node)
        {
            var flowsMap = node.CheckMapNode("OAuthFlows");
            var parsed = new OpenApiOAuthFlows();

            foreach (var field in flowsMap)
            {
                field.ParseField(parsed, _oAuthFlowsFixedFileds, _oAuthFlowsPatternFields);
            }

            return parsed;
        }
예제 #9
 /// <summary>
 /// Visits <see cref="OpenApiOAuthFlows"/> and child objects
 /// </summary>
 /// <param name="flows">The OAuth flows object to visit.</param>
 internal void Walk(OpenApiOAuthFlows flows)
 {
     // NOTE(review): flows is passed to the visitor without a null check; whether null is
     // acceptable depends on the visitor and on the extensible overload. Confirm.
     _visitor.Visit(flows);

     var extensible = flows as IOpenApiExtensible;
     Walk(extensible);
 }
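        /// <summary>
        /// Collects the scope names that apply to a security attribute.
        /// </summary>
        /// <param name="attr">The security attribute; its scheme type selects the rule applied.</param>
        /// <param name="flows">The OAuth flows whose scope keys are collected for OAuth2 schemes.</param>
        /// <returns>
        /// An empty list for ApiKey and Http schemes; otherwise the distinct scope names.
        /// </returns>
        /// <exception cref="InvalidOperationException">
        /// An OAuth2 scheme has no flow, or an OpenIdConnect scheme yields no scope name.
        /// </exception>
        private static List<string> GetSecurityOAuthScopes(OpenApiSecurityAttribute attr, OpenApiOAuthFlows flows)
        {
            var value = new List<string>();

            // ApiKey and Http schemes carry no scopes.
            if (attr.SchemeType == SecuritySchemeType.ApiKey || attr.SchemeType == SecuritySchemeType.Http)
            {
                return value;
            }

            if (attr.SchemeType == SecuritySchemeType.OAuth2)
            {
                // A missing flows object is reported the same way as four empty flows,
                // instead of surfacing as a NullReferenceException.
                if (flows == null
                    || (flows.Implicit.IsNullOrDefault()
                        && flows.Password.IsNullOrDefault()
                        && flows.ClientCredentials.IsNullOrDefault()
                        && flows.AuthorizationCode.IsNullOrDefault()))
                {
                    throw new InvalidOperationException("Flow MUST be provided");
                }

                // Same order as before: implicit, password, client credentials, authorization code.
                var candidates = new[]
                {
                    flows.Implicit,
                    flows.Password,
                    flows.ClientCredentials,
                    flows.AuthorizationCode
                };

                foreach (var flow in candidates)
                {
                    var scopeNames = flow?.Scopes?.Keys;
                    if (scopeNames != null)
                    {
                        value.AddRange(scopeNames);
                    }
                }
            }

            if (attr.SchemeType == SecuritySchemeType.OpenIdConnect)
            {
                // Parse first, then validate: a string holding only commas or whitespace used to
                // pass the emptiness check and produce a requirement with no scopes (or with
                // empty scope names). A null string is treated as "no scopes" as well.
                var parsed = (attr.OpenIdConnectScopes ?? string.Empty)
                    .Split(new[] { "," }, StringSplitOptions.RemoveEmptyEntries)
                    .Select(p => p.Trim())
                    .Where(p => p.Length > 0)
                    .ToList();

                if (parsed.Count == 0)
                {
                    throw new InvalidOperationException("Scope MUST be provided");
                }

                value.AddRange(parsed);
            }

            return value.Distinct().ToList();
        }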
예제 #11
 /// <summary>
 /// Stores the old and new flows objects that this change record compares.
 /// </summary>
 /// <param name="oldOAuthFlows">The flows object from the old document.</param>
 /// <param name="newOAuthFlows">The flows object from the new document.</param>
 public ChangedOAuthFlowsBO(OpenApiOAuthFlows oldOAuthFlows, OpenApiOAuthFlows newOAuthFlows)
 {
     // Both references are kept as given; no copy is made and null is not rejected.
     this._newOAuthFlows = newOAuthFlows;
     this._oldOAuthFlows = oldOAuthFlows;
 }
예제 #12
 /// <summary>
 /// Visitor hook for <see cref="OpenApiOAuthFlows"/>; does nothing unless overridden.
 /// </summary>
 /// <param name="flows">The flows object being visited.</param>
 public virtual void Visit(OpenApiOAuthFlows flows)
 {
     // Intentionally empty: derived visitors override this to act on the flows object.
 }