Add JWT Bearer Authorization to Swagger and ASP.NET Core

https://ppolyzos.com/2017/10/30/add-jwt-bearer-authorization-to-swagger-and-asp-net-core/

If you have an ASP.NET Core web application that already has JWT authorization, this guide will help you add JWT (JSON Web Token) support to the Swagger UI.

What is Swagger UI?

Swagger UI is a collection of HTML, Javascript and CSS assets that dynamically generates beautiful documentation from a Swagger-compliant API. You can learn more in https://swagger.io/ and in the project’s GitHub repository.

Setup Swagger UI in ASP.NET Core

In order to use Swagger UI in your ASP.NET Core project you need a NuGet package called Swashbuckle.AspNetCore. You can add it to your project either by command line:

1	dotnet add package swashbuckle.aspnetcore

or using the NuGet package manager in Visual Studio:

Then you need to add Swagger support toConfigureServices(IServiceCollection services) and toConfigure(IApplicationBuilder app, IHostingEnvironment env) in your application’s Startup.cs file. To do so, you need to create a SwaggerServiceExtensions class and add the necessary code to support Swagger in your app.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

using Microsoft.AspNetCore.Builder; using Microsoft.Extensions.DependencyInjection; using Swashbuckle.AspNetCore.Swagger;   namespace JwtSwaggerDemo.Infrastructure {     public static class SwaggerServiceExtensions     {         public static IServiceCollection AddSwaggerDocumentation(this IServiceCollection services)         {             services.AddSwaggerGen(c =>             {                 c.SwaggerDoc("v1.0", new Info { Title = "Main API v1.0", Version = "v1.0" });                   c.AddSecurityDefinition("Bearer", new ApiKeyScheme                 {                     Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",                     Name = "Authorization",                     In = "header",                     Type = "apiKey"                 });             });               return services;         }           public static IApplicationBuilder UseSwaggerDocumentation(this IApplicationBuilder app)         {             app.UseSwagger();             app.UseSwaggerUI(c =>             {                 c.SwaggerEndpoint("/swagger/v1.0/swagger.json", "Versioned API v1.0");                   c.DocExpansion("none");             });               return app;         }     } }

Changes in Startup.cs file

Using the above class, the only thing you need to do in your Startup.cs file is the following:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25

namespace JwtSwaggerDemo {     public class Startup     {         // This method gets called by the runtime. Use this method to add services to the container.         public IServiceProvider ConfigureServices(IServiceCollection services)         {             //... rest of services configuration             services.AddSwaggerDocumentation();                        //...         }           // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.         public void Configure(IApplicationBuilder app, IHostingEnvironment env)         {             if (env.IsDevelopment())             {                 //.... rest of app configuration                 app.UseSwaggerDocumentation();             }                 //.... rest of app configuration         }     } }

Authorize requests in Swagger UI

Now, when you load the Swagger’s UI address (e.g: https://localhost:44321/swagger/#/), you will see an Authorize button at the top. Clicking on it leads to a modal window, which allows you to authorize your app with a JWT token, by adding Bearer <your_token> in the value input field.

It is like logging in with a user and, therefore, all your next API calls will be using this token to authorize requests.

How it works

In the following video, you may see how to request a JWT token for a user and then use it to access authorized requests.

For swagger 2.x

To support JWT authentication in Swagger 2.x you need to update your code with the following snippet:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48

using Microsoft.AspNetCore.Builder; using Microsoft.Extensions.DependencyInjection; using Swashbuckle.AspNetCore.Swagger;   namespace JwtSwaggerDemo.Infrastructure {     public static class SwaggerServiceExtensions     {         public static IServiceCollection AddSwaggerDocumentation(this IServiceCollection services)         {             services.AddSwaggerGen(c =>             {                 c.SwaggerDoc("v1.0", new Info { Title = "Main API v1.0", Version = "v1.0" });                   // Swagger 2.+ support                 var security = new Dictionary<string, IEnumerable<string>>                 {                     {"Bearer", new string[] { }},                 };                   c.AddSecurityDefinition("Bearer", new ApiKeyScheme                 {                     Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",                     Name = "Authorization",                     In = "header",                     Type = "apiKey"                 });                 c.AddSecurityRequirement(security);             });               return services;         }           public static IApplicationBuilder UseSwaggerDocumentation(this IApplicationBuilder app)         {             app.UseSwagger();             app.UseSwaggerUI(c =>             {                 c.SwaggerEndpoint("/swagger/v1.0/swagger.json", "Versioned API v1.0");                   c.DocumentTitle = "Title Documentation";                 c.DocExpansion(DocExpansion.None);             });               return app;         }     } }