Does anyone know how to hide the client_id and client_secret in the Available authorizations dialog in Swagger Swashbuckle?

kjthegm6 posted 7 months ago in Other

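I allow customers to access my SaaS API through Swashbuckle. They need to authenticate with OAuth through the Available authorizations popup. When they click the Authorize button in the popup, they need to authenticate via Gmail. However, this shows the Auth0 client_id and client_secret used by Swashbuckle, which I need to hide from end users.
Does anyone know if there is a way to hide them?
I have attached a screenshot of the problem.
My code in AddSwaggerGen contains the following: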

c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
    Description = "oauth2",
    Name = "Authorization",
    In = ParameterLocation.Header,
    Type = SecuritySchemeType.OAuth2,
    Flows = new OpenApiOAuthFlows()
    {
        AuthorizationCode = new OpenApiOAuthFlow()
        {
            AuthorizationUrl = new Uri(settings.AuthorityAuthorizeUri),
            TokenUrl = new Uri(settings.AuthorityTokenUri),
        }
    },
    Scheme = "oauth2"
});

c.AddSecurityDefinition("Bearer", new OpenApiSecurityScheme
{
    Description = "Standard Authorization header using the Bearer scheme. Example: \"Bearer {token}\"",
    Name = "Authorization",
    In = ParameterLocation.Header,
    Type = SecuritySchemeType.ApiKey,
    Scheme = "Bearer"
});

c.AddSecurityDefinition("ApiKey", new OpenApiSecurityScheme
{
    Description = "Standard Authorization header using the ApiKey scheme. Example: \"ApiKey {ClientId:ClientSecret}\". Please note the prefix \"ApiKey\" is required!",
    Name = "Authorization",
    In = ParameterLocation.Header,
    Type = SecuritySchemeType.ApiKey,
    Scheme = "ApiKey"
});

c.AddSecurityRequirement(new OpenApiSecurityRequirement()
{
    {
        new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference
            {
                Type = ReferenceType.SecurityScheme,
                Id = "oauth2"
            },
            Scheme = "oauth2",
            Name = "oauth2",
            In = ParameterLocation.Header,

        },
        new List<string>()
    },
    {
        new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference
            {
                Type = ReferenceType.SecurityScheme,
                Id = "Bearer"
            },
            Scheme = "ApiKey",
            Name = "Bearer",
            In = ParameterLocation.Header,

        },
        new List<string>()
    },
    {
        new OpenApiSecurityScheme
        {
            Reference = new OpenApiReference
            {
                Type = ReferenceType.SecurityScheme,
                Id = "ApiKey"
            },
            Scheme = "ApiKey",
            Name = "ApiKey",
            In = ParameterLocation.Header,

        },
        new List<string>()
    }
});

My code in SwaggerUI contains:

c.OAuthClientId(config["ClientId"]);
c.OAuthClientSecret(config["ClientSecret"]);
c.OAuthAppName("blah");
c.OAuthScopeSeparator(string.Empty);
var param = new Dictionary<string, string>();
param.Add("audience", "blah");
param.Add("scope", "openid profile email");
c.OAuthAdditionalQueryStringParams(param);


m1m5dgzv1#

I know this may be old, but this is what worked for me. One can hide the fields with CSS. Taken from this great article, OAuth PKCE flow for ASP.NET Core with Swagger.
See this part:

app.UseSwagger()
.UseSwaggerUI(options =>
{
    // ...        
    options.InjectStylesheet("/content/swagger-extras.css");
});

And the CSS:

.auth-container .wrapper {
    display: none;
}
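
Hiding the fields with CSS leaves the client_secret in the OAuth settings that Swagger UI delivers to the browser, so the following added example (not code from the question, the answer, or the linked article) shows the UI configured for the authorization code flow with PKCE and no secret at all. It assumes the identity-provider application used by Swagger UI is registered as a public client that permits PKCE; the `SwaggerClientId` configuration key is hypothetical.

```csharp
// Added example, not from the original post.
// Assumes Swashbuckle.AspNetCore and the `app` / `config` objects used in the post.
app.UseSwagger();
app.UseSwaggerUI(c =>
{
    // Before (from the question): this value is embedded in the page sent to every
    // visitor, whether or not the input field is visible.
    // c.OAuthClientSecret(config["ClientSecret"]);

    // After: a dedicated public client for Swagger UI, with no secret configured.
    // "SwaggerClientId" is a hypothetical configuration key.
    c.OAuthClientId(config["SwaggerClientId"]);

    // Authorization code flow with PKCE: the browser proves possession of a
    // per-login code verifier instead of presenting a shared client secret.
    c.OAuthUsePkce();

    c.OAuthAppName("blah");
    c.OAuthAdditionalQueryStringParams(new Dictionary<string, string>
    {
        ["audience"] = "blah",
        ["scope"] = "openid profile email"
    });

    // Optional, cosmetic only: hide the client_id / client_secret inputs as in
    // the answer above. This changes what is displayed, not what is sent.
    c.InjectStylesheet("/content/swagger-extras.css");
});
```

With this configuration the served Swagger UI page can be checked by viewing its source: no client secret value should appear in it.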
