Securing the default page of OpenAPI documentation

Question

Dear community,
&nbsp;
I am trying to generate OpenAPI documentation for my existing .net core Web API's. The Web API's are protected by AAD B2C (by OAuth 2.0 spec). But when implementing the open API documentation, the default documentation page popping up without any credential verififcaiton. Since my requirement is to make the default page that lists the titles and documentation as well need an authentication before displaying that page.
&nbsp;
I was thinking to have separate authorization filter for documentation path, but how to configure the handshaking part of OAuth is looking grey to me.&nbsp;
&nbsp;
Could someone help me on this?
&nbsp;
Regards,
Shanmugam

ronratovsky · Answer

Swagger UI at the end is a set of static assets being served by your application. Acess control is not within its features and you'd need to configure that the same way you'd configure it for any other static asset within your application.

Forum Discussion

Securing the default page of OpenAPI documentation

1 Reply

Related Content

Remove default security scheme description

Test Fails When Running with Tag: Double Parameter Default Issue

log4j security vulnerability

OCR service failed to process the document

Change Default Web Browser

Recent Discussions

Long shot question from noob

GROUPING CONTROLLERS INTO SEPARATE SWAGGER UI PAGES

oneOf or anyOf for the header schema

Should the Curl command show the path to the file to be uploaded

ID_TOKEN as the header in the Google OAUTH2.0