

We have managed to successfully secure our API using JWT authentication and provide a Swagger UI to allow us to submit API requests with a valid JWT token. The result will be a successful response: The token once generated can be used to test access of our secure methods.

For our final task we will conduct the security test.

Click the padlock on the operation and the following dialog appears:

Enter the bearer authorization token and select Authorize.

After clicking on the Try it out link, the authorization token will be prefilled as shown:

Following execution of the API method and provided the token is valid, the operation will succeed.

During debugging, any breakpoints within our protected API method will be accessible: The access token is a lengthy string containing scrambled alphanumeric characters. If you're building a single-page application, using swagger-editor is strongly recommended, since swagger-editor-dist is significantly larger. If your current API project is not your identity API then using POSTMAN to access it through an existing deployment (for example on your local IIS) of your identity service is an alternative. swagger-editor-dist is a dependency-free module that includes everything you need to serve Swagger Editor in a server-side project, or a web project that can't resolve npm module dependencies. The fourth task involves generating the JWT token.

Entering the credentials to your data will give the desired token: When we re-build and run our API application the Swagger methods will show as follows: New )

c.AddSecurityDefinition("Bearer", new ApiKeyScheme()
Description = "Please enter into field the word 'Bearer' following by space and JWT",

public void ConfigureServices(IServiceCollection services)

However they are somehow technology specific.


There are some tools for Java that help you with this. I highly recommend using Asciidoctor for writing documentation. So, if you need to document an API, use a format that is created for that purpose. Use this method to add services to the container. The original problem swagger tries to solve is: API documentation. This method gets called by the runtime. This is done as follows in our Startup.cs:
public IActionResult Token(UserViewModel userDto)

For the second task, we implement code to enable Swagger API definitions to be generated for our Web API.

public class UsersController : Controller
