-1

I'm developing a solution with IdentityServer4, a protected web api and a consumer (console app to testing).

I use Swashbuckle.AspNetCore package to auto-document my web api.

In my ConfigureServices method in the web api I write this code:

services.AddSwaggerGen(c =>
        {
            c.SwaggerDoc("v1", new Info { Title = "API v1", Version = "v1" });
            c.SwaggerDoc("v2", new Info { Title = "API v2", Version = "v2" });
            c.AddSecurityDefinition("oauth2", new OAuth2Scheme()
            {
                AuthorizationUrl = "http://localhost:5000/connect/authorize",
                Flow = "accessCode",
                TokenUrl = "http://localhost:5000/connect/token",
                Scopes = new Dictionary<string, string> { { "api1", "My API" } }
            });
            c.OperationFilter<AuthorizationHeaderParameterOperationFilter>();            
        });

When I click to authorize button in Swagger.UI page, I redirect to IdentityServer and here I enter user credentials and it works. So now I have to enter access token (in Swagger.UI page) to access to my protected endpoint to see documentation:

[ApiExplorerSettings(GroupName = "v2")]
public class ValuesController : Controller
{
    [HttpGet("[controller]")]
    [Authorize]
    public async Task<IEnumerable<string>> GetAsync()
    {
        var accessToken = await HttpContext.Authentication.GetTokenAsync("access_token");
        return new string[] { "value1", "value2" };
    }
}

But where is the access token saved? If I call my api and I put a breakpoint I have the access token in accessToken variable. I think it should do valorized automatically the access token in authorization header? What are the steps?

Thanks in advance

Mini Dev 1
  • 169
  • 1
  • 2
  • 8

2 Answers2

0

try this

var accesstoken = await HttpContext.GetTokenAsync("access_token");

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
0

I solved it using client credentials flow.

Mini Dev 1
  • 169
  • 1
  • 2
  • 8