AspNet Core 2 Swagger UI: JWT authorization problem

I have an ASP.NET Core 2 app and added NSwag to it. I use UseSwaggerUi3WithApiExplorer() and all my controllers/actions show up on the swagger ui page.

Most of my actions require a valid JWT. I’ve found the following posts, but none of them were working for my case:

Because I’m still undecided between NSwag and Swashbuckle, I’ve tried to do the same with Swashbuckle, following this guide: https://ppolyzos.com/2017/10/30/add-jwt-bearer-authorization-to-swagger-and-asp-net-core/

With Swashbuckle, I get the Authorize button with no problem, I can add my JWT ('Bearer ' + token) and then successfully call the protected actions.

I compared the generated swagger.json files and noticed that the Swashbuckle version includes this at the end:

"securityDefinitions": {
    "Bearer": {
      "name": "Authorization",
      "in": "header",
      "type": "apiKey",
      "description": "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\""
    }
  },
  "security": [
    {
      "Bearer": []
    }
  ]

whereas the NSwag swagger.json file does not include any securityDefinitions/security entries.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 8 (4 by maintainers)

Top GitHub Comments

2 reactions
nstohler commented, May 17, 2018

I found the problem! For some reason (probably cause I was copy/pasting code from various locations into my sample project), I had in my Configure() the following code:

// NON-WORKING!!!
app.UseSwaggerWithApiExplorer(settings =>
{
	settings.PostProcess = document =>
	{
		document.Info.Version = "v1";
		...
	};
});

app.UseSwaggerUi3WithApiExplorer(settings =>
{
	settings.DocExpansion = "list";

	settings.GeneratorSettings.OperationProcessors.Add(new OperationSecurityScopeProcessor("JWT token"));

	settings.GeneratorSettings.DocumentProcessors.Add(new SecurityDefinitionAppender("JWT token",
		new SwaggerSecurityScheme
		{
			Type        = SwaggerSecuritySchemeType.ApiKey,
			Name        = "Authorization",
			Description = "Copy 'Bearer ' + valid JWT token into field",
			In          = SwaggerSecurityApiKeyLocation.Header,
		}));
});
			
app.UseMvc();

Only the UseSwaggerWithApiExplorer() got applied then, the call to UseSwaggerUi3WithApiExplorer() was basically ignored (or at least the GeneratorSettings in there, the DocExpansion worked).

So I changed it to the following, and now it’s displaying the Authorize button and WORKING:

app.UseSwaggerUi3WithApiExplorer(settings =>
{
	settings.PostProcess = document =>
	{
		document.Info.Version = "v1";
		...
	};

	settings.DocExpansion = "list";
													
	settings.GeneratorSettings.OperationProcessors.Add(new OperationSecurityScopeProcessor("JWT token"));

	settings.GeneratorSettings.DocumentProcessors.Add(new SecurityDefinitionAppender("JWT token",
		new SwaggerSecurityScheme
		{
			Type        = SwaggerSecuritySchemeType.ApiKey,
			Name        = "Authorization",
			Description = "Copy 'Bearer ' + valid JWT token into field",
			In          = SwaggerSecurityApiKeyLocation.Header,
		}));
});
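
A check for the symptom described in the question, as an added example that is not part of the original issue or of NSwag: it reads a generated Swagger 2.0 document and reports the header API-key schemes it defines, the operations left without any security requirement, and requirements that name a scheme missing from securityDefinitions. The sample document, its paths and the function name audit_security are constructed for illustration.

```python
import json

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

# Constructed sample: shaped like the fragment in the question, plus one operation
# that opts out of security and one that references an undefined scheme name.
SAMPLE = json.loads("""{
  "swagger": "2.0",
  "securityDefinitions": {"Bearer": {"type": "apiKey", "name": "Authorization", "in": "header"}},
  "security": [{"Bearer": []}],
  "paths": {
    "/api/orders": {"get": {}, "post": {"security": [{"JWT token": []}]}},
    "/api/health": {"get": {"security": []}}
  }
}""")


def audit_security(doc):
    """Return (header_schemes, unprotected, undefined_refs) for a Swagger 2.0 doc."""
    definitions = doc.get("securityDefinitions", {})
    # Schemes that are sent as an Authorization header (the JWT case on this page).
    header_schemes = sorted(
        name for name, s in definitions.items()
        if s.get("type") == "apiKey" and s.get("in") == "header"
        and s.get("name", "").lower() == "authorization"
    )
    unprotected, undefined_refs = [], []
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters"
            # Operation-level "security" overrides the document-level list,
            # and an empty list removes the requirement entirely.
            effective = op.get("security", doc.get("security", []))
            label = f"{method.upper()} {path}"
            if not effective:
                unprotected.append(label)
            for requirement in effective:
                undefined_refs += [(label, n) for n in requirement if n not in definitions]
    return header_schemes, sorted(unprotected), sorted(undefined_refs)


if __name__ == "__main__":
    print(audit_security(SAMPLE))
```

A document with no securityDefinitions and no security entries, like the NSwag output described in the question, comes back with an empty scheme list and every operation listed as unprotected.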

0 reactions
sander1095 commented, Dec 18, 2020

Of course 😃

I am using this

options.OperationProcessors.Add(new OperationSecurityScopeProcessor("NAME"));
options.AddSecurity("NAME", new OpenApiSecurityScheme()
{
    Type = OpenApiSecuritySchemeType.ApiKey,
    Name = "Authorization",
    In = OpenApiSecurityApiKeyLocation.Header,
    Description = "DESC"
});

I was hoping to fix this by just changing these settings 😉 If I need to use PostProcess or something else, I won’t bother. It’s not that important, but it’s a shame that the behavior is a bit different 😃
