Securing the default page of OpenAPI documentation

Question

Dear community,
&nbsp;
I am trying to generate OpenAPI documentation for my existing .net core Web API's. The Web API's are protected by AAD B2C (by OAuth 2.0 spec). But when implementing the open API documentation, the default documentation page popping up without any credential verififcaiton. Since my requirement is to make the default page that lists the titles and documentation as well need an authentication before displaying that page.
&nbsp;
I was thinking to have separate authorization filter for documentation path, but how to configure the handshaking part of OAuth is looking grey to me.&nbsp;
&nbsp;
Could someone help me on this?
&nbsp;
Regards,
Shanmugam

ronratovsky · Answer

Swagger UI at the end is a set of static assets being served by your application. Acess control is not within its features and you'd need to configure that the same way you'd configure it for any other static asset within your application.

Forum Discussion

Securing the default page of OpenAPI documentation

Related Content

Remove default security scheme description

log4j security vulnerability

Change Default Web Browser

Test Fails When Running with Tag: Double Parameter Default Issue

[Solved] SSL Handshake exception calling a secure webservice

Recent Discussions

Bootstrapped servlet returns empty JSON as of 2.2.24

Python 3.6 client support

I want to add variable in swagger like postman

Endpoint Expansion

Mixed-Type Arrays with java swagger-annotations 2.0.3.