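I have enabled the OAuth security scheme in my Swagger configuration, and the UI shows the Authorize option, but even if I don't authorize, the API methods are exposed and the value can be seen. My configuration is:

// NOTE(review): everything in this listing only *describes* authentication in the generated
// swagger.json and drives the Authorize dialog in Swagger UI. None of it makes the API reject
// unauthenticated requests. Enforcement has to come from the API itself: an authentication
// handler registered in the request pipeline plus [Authorize] on the controllers/actions (or a
// global authorization filter). The post shows neither, so that is presumably why the endpoints
// still answer without a token - confirm against the controllers and the rest of Startup.
services.AddSwaggerGen(c =>
{
    c.SwaggerDoc("v1", new Info { Title = "Billing Api,Title for your Api", Version = "v1" });

    // c.AddSecurityDefinition("API Key", new ApiKeyScheme() { Description = "API Key Authentication", Name = "api-key", In = "header", Type = "string" });
    // c.OperationFilter<SecurityRequirementsOperationFilter>();

    // Declares the scheme under the name "oauth2"; the operation filter below refers to it by
    // that same name.
    c.AddSecurityDefinition("oauth2", new OAuth2Scheme
    {
        Type = "oauth2",
        Description = "OAuth2 Implicit Grant",
        Flow = "implicit",
        AuthorizationUrl = "https://login.windows.net/tenantid/oauth2/authorize",
        TokenUrl = "https://login.microsoftonline.com/tenantid/oauth2/token",
        Scopes = new Dictionary<string, string>
        {
            { "read", "Access app" }
        }
    });

    c.OperationFilter<SecurityRequirementsOperationFilter>();
});

app.UseSwaggerUI(c =>
{
    // NOTE(review): these values are handed to Swagger UI, which runs in the browser, so treat
    // every argument as public. The implicit grant declared above does not use a client secret;
    // do not place a real secret in this call.
    c.ConfigureOAuth2(
        "client id",
        "clientsecret",
        "https://localhost:44369/api/Values",
        "apiswaggerazure",
        " ",
        new Dictionary<string, string> { { "resource", "clientid" } });
    c.RoutePrefix = "swagger/ui";
    c.SwaggerEndpoint("/swagger/v1/swagger.json", "My API V1");
});

/// <summary>
/// Operation filter that attaches an "oauth2" security requirement to every operation
/// in the generated Swagger document.
/// </summary>
/// <remarks>
/// The requirement is added unconditionally, so the document marks every operation as
/// protected whether or not the endpoint actually demands a token. The filter changes
/// documentation only; it performs no authentication or authorization at request time.
/// </remarks>
public class SecurityRequirementsOperationFilter : IOperationFilter
{
    // Injected through the constructor but never read by Apply in the code as posted.
    private readonly IOptions<AuthorizationOptions> authorizationOptions;

    /// <summary>Stores the injected authorization options.</summary>
    /// <param name="authorizationOptions">Authorization options supplied by the container.</param>
    public SecurityRequirementsOperationFilter(IOptions<AuthorizationOptions> authorizationOptions)
    {
        this.authorizationOptions = authorizationOptions;
    }

    /// <summary>
    /// Appends an "oauth2" requirement with an empty scope list to the operation.
    /// </summary>
    /// <param name="operation">The Swagger operation being generated.</param>
    /// <param name="context">Context for the operation; not used here.</param>
    public void Apply(Operation operation, OperationFilterContext context)
    {
        // The security list may not have been created yet for this operation.
        if (operation.Security == null)
        {
            operation.Security = new List<IDictionary<string, IEnumerable<string>>>();
        }

        // The key has to match the name given to AddSecurityDefinition ("oauth2").
        // NOTE(review): the scope list is empty although the definition declares "read";
        // confirm whether the requirement should name that scope.
        var oAuthRequirements = new Dictionary<string, IEnumerable<string>>
        {
            { "oauth2", Enumerable.Empty<string>() }
        };

        operation.Security.Add(oAuthRequirements);
    }
}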