https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-configure-app-expose-web-apis

So to configure SwaggerUI…

```csharp
builder.Services.AddSwaggerGen(options =>
{
    // OpenID Connect discovery document of your tenant (see appsettings.json).
    var azureAdMetadata = builder.Configuration["SwaggerClient:Metadata"]!;

    // Describe how Swagger UI obtains the token it sends in the Authorization header.
    options.AddSecurityDefinition("Oauth2", new OpenApiSecurityScheme
    {
        In = ParameterLocation.Header,
        //Description = "Please enter a valid token",
        Name = "Authorization",
        Type = SecuritySchemeType.OpenIdConnect,
        BearerFormat = "JWT",
        Scheme = "Bearer",
        OpenIdConnectUrl = new Uri(azureAdMetadata),
    });

    // Apply the "Oauth2" scheme to every operation.
    options.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        {
            new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "Oauth2" }
            },
            new string[]{}
        }
    });
});

// ...

app.UseSwagger();
app.UseSwaggerUI(options =>
{
    // Client application registration that Swagger UI signs in with.
    options.OAuthClientId(builder.Configuration["SwaggerClient:ClientId"]);
    options.OAuth2RedirectUrl(builder.Configuration["SwaggerClient:RedirectUrl"]);
    options.OAuthScopes(new[] { builder.Configuration["SwaggerClient:Scopes"], "openid", "profile", "offline_access" });
    // Authorization code flow with PKCE, so no client secret is needed in the browser.
    options.OAuthUsePkce();
    options.SwaggerEndpoint("/swagger/v1/swagger.json", "v1");
    //options.RoutePrefix = string.Empty;
});
```

Don’t forget to add your redirect URI “https://YOUR_APP_PATH/oauth2-redirect.html” as a single-page application (SPA) reply address on the client application registration. Swagger UI redeems the authorization code from the browser, and Azure AD only permits that cross-origin redemption for redirect URIs registered under the single-page application platform.

Your appsettings.json will look something like this…

```json
{
  /*
The following identity settings need to be configured
before the project can be successfully executed.
For more info see https://aka.ms/dotnet-template-ms-identity-platform
*/
  "SwaggerAPI": {
    "Instance": "https://login.microsoftonline.com/",
    "Domain": "your_domain.onmicrosoft.com",
    "TenantId": "YOUR_TENANT_ID",
    "ClientId": "YOUR_API_APP_ID",
    "Audience": "AUD_CLAIM_FROM_ACCESS_TOKEN"
  },
  "SwaggerClient": {
    "Metadata": "https://login.microsoftonline.com/YOUR_TENANT_ID/v2.0/.well-known/openid-configuration",
    "ClientId": "YOUR_CLIENT_APP_ID",
    "RedirectUrl": "https://YOUR_APP_PATH/oauth2-redirect.html",
    "Scopes": "SCOPE_VALUE_FOR_YOUR_API"
  },
  // ...
}
```

And your authentication code, if using Microsoft Identity Web, would look like this…

```csharp
// Validate incoming bearer tokens using the "SwaggerAPI" section of appsettings.json.
builder.Services.AddMicrosoftIdentityWebApiAuthentication(builder.Configuration, "SwaggerAPI");
```

When all is said and done, after launching your Swagger app, you should now see an Authorize button at the top of your page. This will load the “Swagger Client” to acquire the access token. Then, when you test your API calls from the Swagger UI, it will automatically pass the access token.

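To confirm that the token Swagger UI passes matches the `SwaggerAPI` and `SwaggerClient` settings above, the following added example (not part of the original post) decodes an access token and compares its `aud`, `tid` and `scp` claims with the configuration. The token, tenant ID, app ID and the scope name `access_as_user` are constructed placeholders, and the signature is not verified, so this is for diagnostics only.

```python
import base64
import json

def decode_claims(jwt):
    """Return the payload claims of a JWT WITHOUT verifying the signature."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(claims, api, scope_setting):
    """Compare token claims with the SwaggerAPI section and SwaggerClient:Scopes."""
    problems = []
    aud = claims.get("aud")
    if aud != api["Audience"]:
        problems.append(f"aud {aud!r} != configured Audience {api['Audience']!r}")
    if claims.get("tid") != api["TenantId"]:
        problems.append(f"tid {claims.get('tid')!r} is not the configured tenant")
    # scp holds short scope names, while the requested scope is usually the
    # full form (api://<app-id>/<name>), so compare the last path segment.
    wanted = scope_setting.rsplit("/", 1)[-1]
    granted = claims.get("scp", "").split()
    if wanted not in granted:
        problems.append(f"scope {wanted!r} not in scp {granted}")
    return problems

def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

# --- Constructed sample data (placeholders, not real identifiers) ---
TENANT = "11111111-1111-1111-1111-111111111111"
APP_ID = "22222222-2222-2222-2222-222222222222"
API = {"TenantId": TENANT, "Audience": f"api://{APP_ID}"}   # SwaggerAPI section
SCOPE = f"api://{APP_ID}/access_as_user"                    # SwaggerClient:Scopes
# A v2.0 access token carries the API's client ID (a GUID) in aud.
SAMPLE_CLAIMS = {"aud": APP_ID, "tid": TENANT, "scp": "access_as_user", "ver": "2.0"}
SAMPLE_TOKEN = ".".join(
    [_b64url({"alg": "RS256", "typ": "JWT"}), _b64url(SAMPLE_CLAIMS), "c2ln"])

if __name__ == "__main__":
    for problem in check_token(decode_claims(SAMPLE_TOKEN), API, SCOPE):
        print("MISMATCH:", problem)
```

With the sample data, the only mismatch reported is the audience: the token's `aud` is the bare app ID while the configured `Audience` uses the `api://` form, which is why the setting should be copied from the `aud` claim of a real token.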
Excerpt: Do not forget the basic principles of OpenID Connect and OAuth2. When you want to protect an API with OAuth2 and Azure AD, you must pass an access token that will be validated. So if you want to test with SwaggerUI, on accessing the API portion, SwaggerUI must be configured to authenticate, acquire an access token, and pass it to the API. Before we get started, ensure you create…