有谁知道如何在 Swagger SwashBuckle 的可用授权对话框中隐藏 client_id 和 client_secret?
Pat*_*lan 5 swagger swashbuckle asp.net-core
我允许客户通过 Swashbuckle 访问我的 SaaS API。他们需要通过可用授权弹出窗口使用 OAuth 进行身份验证。当他们通过弹出窗口单击授权按钮时,他们需要通过 gmail 进行身份验证。但是,这显示了我需要对最终用户隐藏的 Auth0 client_id 和 client_secret SwashBuckle 使用。
有谁知道是否有办法隐藏它?
我在这个问题上附上了截图。
我在 AddSwaggerGen 中的代码包含以下内容
c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
Description = "oauth2",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.OAuth2,
Flows = new OpenApiOAuthFlows()
{
AuthorizationCode = new OpenApiOAuthFlow()
{
AuthorizationUrl = new Uri(settings.AuthorityAuthorizeUri),
TokenUrl = new Uri(settings.AuthorityTokenUri),
}
},
Scheme = "oauth2"
});
c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
Description = "Standard Authorization header using the Bearer scheme. Example: \"Bearer {token}\"",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey,
Scheme = "Bearer"
});
c.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme
{
Description = "Standard Authorization header using the ApiKey scheme. Example: \"ApiKey {ClientId:ClientSecret}\". Please note the prefix \"ApiKey\" is required!",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.ApiKey,
Scheme = "ApiKey"
});
c.AddSecurityRequirement(new OpenApiSecurityRequirement()
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "oauth2"
},
Scheme = "oauth2",
Name = "oauth2",
In = ParameterLocation.Header,
},
new List<string>()
},
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "Bearer"
},
Scheme = "ApiKey",
Name = "Bearer",
In = ParameterLocation.Header,
},
new List<string>()
},
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Type = ReferenceType.SecurityScheme,
Id = "ApiKey"
},
Scheme = "ApiKey",
Name = "ApiKey",
In = ParameterLocation.Header,
},
new List<string>()
}
});
我在 UseSwaggerUI 中的代码包含
c.OAuthClientId(config["ClientId"]);
c.OAuthClientSecret(config["ClientSecret"]);
c.OAuthAppName("blah");
c.OAuthScopeSeparator(string.Empty);
var param = new Dictionary<string, string>();
param.Add("audience", "blah");
param.Add("scope", "openid profile email");
c.OAuthAdditionalQueryStringParams(param);
我知道这可能很旧,但这对我有用。可以用 css 隐藏字段。摘自这篇精彩的文章OAuth PKCE flow for ASP.NET Core with Swagger
参见这部分
app.UseSwagger()
.UseSwaggerUI(options =>
{
// ...
options.InjectStylesheet("/content/swagger-extras.css");
});
和CSS
.auth-container .wrapper {
display: none;
}
| 归档时间: |
|
| 查看次数: |
880 次 |
| 最近记录: |