Configure your Swagger UI to OAuth 2.0 with .Net Core 2.1
- Pradeep Kumar
- May 16, 2020
Updated: Sep 14, 2020
Swagger is a user interface that provides an "HTML UI page" for accessing the APIs created with your ASP.NET Core Web API.
When developing Web APIs, in most scenarios we need to make the access level of our APIs private.
This is where authentication comes into the picture. There are various authentication protocols, as listed below.
Basic Authentication
Bearer Authentication
OAuth
OAuth 2.0
These are only a few; there are various other authentication schemes.
OAuth 2.0
OAuth 2.0 is an authentication protocol. It focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices.
Various Grant Flows of OAuth 2.0
Authorization code grant
Implicit grant
Resource owner credentials grant
Client credentials grant
Refresh token grant
In this blog we configure our application for the OAuth 2.0 "Client credentials" grant flow.
After creating your .NET Core 2.1 Web API application, configure your Startup.cs file for OAuth 2.0.
Startup.cs file
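// Inside ConfigureServices(IServiceCollection services).
// Requires: using System; using Microsoft.OpenApi.Models;
services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new OpenApiInfo { Title = "Your API Name", Version = "v1" });

    // Register the OAuth 2.0 scheme under the id "Oauth2".
    c.AddSecurityDefinition("Oauth2", new OpenApiSecurityScheme
    {
        Description = "Oauth2",
        Name = "Authorization",
        In = ParameterLocation.Header,
        Type = SecuritySchemeType.OAuth2,
        Flows = new OpenApiOAuthFlows()
        {
            // Client credentials grant: Swagger UI posts to TokenUrl to obtain a token.
            ClientCredentials = new OpenApiOAuthFlow()
            {
                TokenUrl = new System.Uri("/v1/Authenticate", UriKind.Relative),
                Scopes = new System.Collections.Generic.Dictionary<string, string>()
                {
                    { "Read", "Read only" },
                    { "Write", "Write only" },
                },
            },
        },
        BearerFormat = "Bearer <token>",
    });

    // Attach the security requirement to operations (see AddHeaderParam.cs).
    c.OperationFilter<AddHeaderParam>();
});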
The above code snippet contains c.OperationFilter<AddHeaderParam>();
In the AddHeaderParam.cs file we need a security requirement to store the access token generated using OAuth 2.0.
AddHeaderParam.cs File
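using System.Collections.Generic;
using Microsoft.OpenApi.Models;
using Swashbuckle.AspNetCore.SwaggerGen;

// Operation filter registered in Startup.cs via c.OperationFilter<AddHeaderParam>().
public class AddHeaderParam : IOperationFilter
{
    public void Apply(OpenApiOperation operation, OperationFilterContext context)
    {
        // Require the "Oauth2" scheme so Swagger UI sends the access token with this operation.
        operation.Security.Add(new OpenApiSecurityRequirement()
        {
            {
                new OpenApiSecurityScheme
                {
                    // Id must match the name passed to AddSecurityDefinition.
                    Reference = new OpenApiReference
                    {
                        Type = ReferenceType.SecurityScheme,
                        Id = "Oauth2",
                    },
                    Scheme = "Oauth2",
                    Name = "Oauth2",
                    In = ParameterLocation.Header,
                },
                new List<string>() // no specific scopes required
            },
        });
    }
}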
You can add this in the AddHeaderParam.cs file to configure authorization for specific APIs, or you can set the security requirement globally in the Startup.cs file.
After running your Swagger you will see an "Authorize" button in the Swagger header, as shown below.

After clicking the button you will see the Swagger UI for OAuth 2.0, as shown below.

After you enter your client_id and client_secret and the token is generated successfully, you are authorized and the access token is added to the headers of your protected APIs.
Note:
For the OAuth 2.0 client credentials grant flow, Swagger supports only the "Basic Auth Header" client authentication type.
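What the note above means for the endpoint behind TokenUrl: Swagger UI sends client_id and client_secret in an "Authorization: Basic" header, so the endpoint has to decode that header before issuing a token. The following is an added example, not code from the original post; ClientCredentialParser, its method names and the sample credentials are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example: hypothetical helper for the token endpoint ("/v1/Authenticate").
public static class ClientCredentialParser
{
    // Decodes "Basic base64(client_id:client_secret)"; returns false on any malformed input.
    public static bool TryParseBasic(string authorizationHeader, out string clientId, out string clientSecret)
    {
        clientId = clientSecret = null;
        const string prefix = "Basic ";
        if (authorizationHeader == null ||
            !authorizationHeader.StartsWith(prefix, StringComparison.OrdinalIgnoreCase))
            return false;
        byte[] raw;
        try { raw = Convert.FromBase64String(authorizationHeader.Substring(prefix.Length).Trim()); }
        catch (FormatException) { return false; }
        string decoded = Encoding.UTF8.GetString(raw);
        int colon = decoded.IndexOf(':');   // split on the first ':' only; the secret may contain ':'
        if (colon <= 0 || colon == decoded.Length - 1) return false;
        clientId = decoded.Substring(0, colon);
        clientSecret = decoded.Substring(colon + 1);
        return true;
    }

    // Hashes both values to equal length, then compares in constant time,
    // so the response time does not reveal how much of the secret matched.
    public static bool SecretMatches(string presented, string expected)
    {
        if (string.IsNullOrEmpty(expected)) return false;   // never accept an unset secret
        using (var sha = SHA256.Create())
        {
            byte[] a = sha.ComputeHash(Encoding.UTF8.GetBytes(presented ?? string.Empty));
            byte[] b = sha.ComputeHash(Encoding.UTF8.GetBytes(expected));
            return CryptographicOperations.FixedTimeEquals(a, b);
        }
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample: client_id "swagger-ui", client_secret "s3cr3t:demo".
        string header = "Basic " + Convert.ToBase64String(Encoding.UTF8.GetBytes("swagger-ui:s3cr3t:demo"));
        bool ok = ClientCredentialParser.TryParseBasic(header, out var id, out var secret) && ClientCredentialParser.SecretMatches(secret, "s3cr3t:demo");
        Console.WriteLine($"{id} authenticated: {ok}");
    }
}
```

Because the Basic header is only base64-encoded, the token endpoint should be reachable over HTTPS only.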
Hey, it's really helpful
Nice initiative for starting a Developer community! Keep on hustling!
It will be very helpful @PradeepKumar BAISETTI