Hello,
I need help using Swagger in an ASP.NET Core 6.0 API and filtering endpoints.
The goal is that only the endpoints that should be available for a specific end customer are displayed on the Swagger website, and that the generated swagger.json contains only the endpoints that are also listed on the website (index.html).
I've done a lot of research and found one or two things about it, but it just doesn't want to work. Basically, I've gotten so far that you can authorize yourself on the Swagger website and, depending on which access data/which bearer token was entered and which roles/policies are behind it, only these endpoints are listed. In the swagger.json generated for this purpose, however, the appropriate endpoints are never listed. I've tried a lot, but nothing I tried has changed anything.
I also inject a JavaScript file that adjusts Swagger's behavior so that a token is read and sent with every request. That works so far, but the swagger.json is still not correct, and when the link to the swagger.json is called, apparently no request is sent, or the code here does not react to any of the implementations to extend the request with the token.
Maybe someone can help?
Best regards
What I have tried:
I have provided an example project at https://github.com/EdDeLa/SwaggerSecurityTrimmingV1 to give you an overview of the current progress and how to reproduce the error. In Program.cs you will find the users that are created, including their passwords. The data can then be used to authorize Swagger once the project has started. You can use the login endpoint for this. With the token that is then generated, you can authorize yourself in Swagger. In the Swagger dialog you have to enter the token in the following format: "Bearer {Token}". Initially, only the login endpoint should be visible, and if you log in as admin or user, further and different endpoints should be displayed. However, the generated swagger.json then always contains other endpoints, which is ultimately the problem.