Skip to content
Demo for trimming visibility of endpoints in Swagger
C# HTML JavaScript
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.vscode
src Added new Swagger UI version Feb 3, 2017
.gitattributes
.gitignore
LICENSE
README.md
SwaggerSecurityTrimming.sln
global.json

README.md

Demo for Swagger security trimming

For details see blog post.

V1 contains Swagger UI client where to pass Bearer token we had to overide index.html file. V2 contains example with latest version of Swagger UI, where there is a configuration for passing token in header and no index.html overide required.

Running

To run the demo:

  • Have .NET Core installed
  • Clone the repo
  • Execute:
dotnet restore
cd src/V1 # or cd src/V2
dotnet run

Browse to http://localhost:5000. Using tokens below different endpoint will be showen in Swagger.

Tokens

Authenticated user:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.lMQZ-L2fcyy9tgM_RyOt7BCyHnnryQweBmhgVUC9Qc4

With scope can-update:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZXMiOlsiYXBpOnVwZGF0ZSJdfQ.ok6saWx1101ygDqz-GrhHBJMyINUB2NqpE4k6BYc47s

With scope can-delete:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZXMiOlsiYXBpOmRlbGV0ZSJdfQ.6YAU8_DLiyixE2xxoGuZnPTOo6Dzoz4cQ3QzM69p5o4

With both scopes can-update and can-delete:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzY29wZXMiOlsiYXBpOnVwZGF0ZSIsImFwaTpkZWxldGUiXX0.DXynNpRlNLUWevAazv4vEOLYDGzkEfI8OAnP2qihJr8
You can’t perform that action at this time.