IdentityServer4.Admin

How to show all scopes dynamically in swagger authorization?

Open ajaypunekar1 opened this issue 4 years ago • 7 comments

Is there any way to show all scopes in the Swagger "Available authorizations" pop-up? I can see the code below to add scopes, but it reads the scopes from configuration.

options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
{
    Type = SecuritySchemeType.OAuth2,
    Flows = new OpenApiOAuthFlows
    {
        AuthorizationCode = new OpenApiOAuthFlow
        {
            AuthorizationUrl = new Uri($"{adminApiConfiguration.IdentityServerBaseUrl}/connect/authorize"),
            TokenUrl = new Uri($"{adminApiConfiguration.IdentityServerBaseUrl}/connect/token"),
            Scopes = new Dictionary<string, string>
            {
                // here I need to load scopes dynamically
                { adminApiConfiguration.OidcApiName, adminApiConfiguration.ApiName }
            }
        }
    }
});

Refer to the screenshot below.

ajaypunekar1 avatar Oct 28 '21 05:10 ajaypunekar1

Is there anyone who has implemented this kind of functionality?

ajaypunekar1 avatar Nov 11 '21 04:11 ajaypunekar1

Hello, why do you need this one?

skoruba avatar Nov 11 '21 08:11 skoruba

Hello, why do you need this one?

I have different scopes for different APIs. Consider the following scope example:

Supported scopes

Calender api
1: calender.read
2: calender.write

Activity api
1: activity.read
2: activity.write

So I want to show all available scopes.

ajaypunekar1 avatar Nov 11 '21 08:11 ajaypunekar1

Hope I don't say something wrong, but those should be the roles a user could have, not the scopes. A scope identifies a resource, which in this case is your API. To further restrict access to different functionalities of your API, you can create authorization filters based on user roles.

mitirazvan avatar Nov 11 '21 12:11 mitirazvan

And to answer your initial question: depending on where you want to retrieve the scopes from, let's say from the DB, then you need to retrieve the DB service from the ServiceProvider and query for your services. // But it is not recommended.

var adminApiConfiguration = services.BuildServiceProvider().GetService<IAdminApiConfiguration>(); // this needs to be registered before requesting it... But again, this is bad practice.
...
Scopes = new Dictionary<string, string>
{
    // this can be a list of scopes
    { adminApiConfiguration.OidcApiScope1, adminApiConfiguration.ApiName1 }
}
...

But you need to make sure that the same scopes are defined in your API Authorize filter.

mitirazvan avatar Nov 11 '21 12:11 mitirazvan
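One way to do what the two comments above describe without building a service provider during registration, as an added example (not code from IdentityServer4.Admin): bind the scope list once from configuration, hand the same dictionary to Swagger's OAuth2 flow, and register one authorization policy per scope so the advertised list and the enforced list cannot drift apart. The configuration section name "ApiScopes", the method names and the use of Swashbuckle's AddSwaggerGen with Microsoft.OpenApi types are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.OpenApi.Models;

public static class ScopeRegistration
{
    // Assumed appsettings.json section (constructed): "ApiScopes": { "activity.read": "Read activity data", ... }
    public static IReadOnlyDictionary<string, string> LoadScopes(IConfiguration configuration)
        => configuration.GetSection("ApiScopes").Get<Dictionary<string, string>>()
           ?? new Dictionary<string, string>();

    public static void AddScopedSwaggerAndPolicies(
        this IServiceCollection services, IConfiguration configuration, string identityServerBaseUrl)
    {
        var scopes = LoadScopes(configuration);
        services.AddSwaggerGen(options =>
        {
            options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
            {
                Type = SecuritySchemeType.OAuth2,
                Flows = new OpenApiOAuthFlows
                {
                    AuthorizationCode = new OpenApiOAuthFlow
                    {
                        AuthorizationUrl = new Uri($"{identityServerBaseUrl}/connect/authorize"),
                        TokenUrl = new Uri($"{identityServerBaseUrl}/connect/token"),
                        // Same list the API enforces below, so Swagger never offers a scope the API ignores.
                        Scopes = scopes.ToDictionary(kv => kv.Key, kv => kv.Value)
                    }
                }
            });
        });
        services.AddAuthorization(options =>
        {
            foreach (var scope in scopes.Keys)
            {
                // One policy per scope, e.g. [Authorize(Policy = "activity.read")] on the endpoint;
                // accepts both array-valued "scope" claims and a single space-delimited value.
                options.AddPolicy(scope, policy => policy.RequireAuthenticatedUser().RequireAssertion(ctx =>
                    ctx.User.FindAll("scope").SelectMany(c => c.Value.Split(' '))
                       .Contains(scope, StringComparer.Ordinal)));
            }
        });
    }
}
```

A client that was only granted activity.read then fails the activity.write policy with a 403, which is the "you don't have permission to access this resource" behaviour asked for later in the thread.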

Hope I don't say something wrong, but those should be the roles a user could have, not the scopes. A scope identifies a resource, which in this case is your API. To further restrict access to different functionalities of your API, you can create authorization filters based on user roles.

Thanks for the reply.

Basically, what I am trying to do is: when a user grants a third-party client permission to read his activity data (activity.read), only then do I allow it to execute the activity.read API, i.e. the Activity resource; otherwise I trigger an error like "you don't have permission to access this resource".

ajaypunekar1 avatar Nov 11 '21 12:11 ajaypunekar1

And to answer your initial question: depending on where you want to retrieve the scopes from, let's say from the DB, then you need to retrieve the DB service from the ServiceProvider and query for your services. // But it is not recommended.

var adminApiConfiguration = services.BuildServiceProvider().GetService<IAdminApiConfiguration>(); // this needs to be registered before requesting it... But again, this is bad practice.
...
Scopes = new Dictionary<string, string>
{
    // this can be a list of scopes
    { adminApiConfiguration.OidcApiScope1, adminApiConfiguration.ApiName1 }
}
...

But you need to make sure that the same scopes are defined in your API Authorize filter.

I am trying to implement something like the link below.

https://dev.fitbit.com/build/reference/web-api/explore/

ajaypunekar1 avatar Nov 11 '21 12:11 ajaypunekar1