Forum Discussion

darshanhira's avatar
darshanhira
Occasional Contributor
2 months ago

Darshan Hiranandani : Is there a way to bypass the authorization dialog window?

Hi team,

I’m working on integrating Swagger UI with Microsoft Entra ID for API authentication. I've set up the OAuth2 flow and can successfully authenticate and authorize users. However, I’m facing an issue with the "Available authorizations" dialog that appears after the user clicks the "Authorize" button.

Currently, the dialog prompts users to enter the client ID, secret, and select the appropriate scope. Since I've preconfigured these details and the user only needs to authenticate, I’d like to bypass this dialog and directly initiate the login process.

builder.Services.AddSwaggerGen(options => { // ... existing code ... options.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme { Description = "OAuth 2.0 AuthorizationCode flow", Type = SecuritySchemeType.OAuth2, Flows = new OpenApiOAuthFlows { AuthorizationCode = new Microsoft.OpenApi.Models.OpenApiOAuthFlow { AuthorizationUrl = new Uri($"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize"), TokenUrl = new Uri($"https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token"), Scopes = new Dictionary<string, string> { { $"api://{clientId}/access", "Access API endpoints" }, }, } } }); options.AddSecurityRequirement(new OpenApiSecurityRequirement { { new OpenApiSecurityScheme { Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" } }, Array.Empty<string>() } }); }); app.UseSwagger(); app.UseSwaggerUI(options => { // Configure oAuth options.OAuthClientId(clientId); options.OAuthUsePkce(); options.OAuth2RedirectUrl($"{baseUrl}/swagger/oauth2-redirect.html"); options.OAuthScopeSeparator(" "); options.OAuthScopes($"api://{clientId}/access"); // Set up the API version description var provider = app.Services.GetRequiredService<IApiVersionDescriptionProvider>(); foreach (var description in provider.ApiVersionDescriptions) { options.SwaggerEndpoint($"/swagger/{description.GroupName}/swagger.json", $"My API{description.ApiVersion}"); } });

I’ve tried various approaches, but nothing seems to bypass this dialog successfully.

Has anyone tackled this issue or have any suggestions on how to directly initiate the login process without showing the "Available authorizations" dialog? Any insights or solutions would be greatly appreciated!

Regards

Darshan Hiranandani

 

No RepliesBe the first to reply