Hi there, I'm struggling to configure Scalar .NET with IdentityServer so that I can authenticate against it. I'm using .NET 10, Microsoft.AspNetCore.OpenApi to generate the OpenAPI document, and a custom local IdentityServer instance as the IdP. The problem is that, once configured, there's no way to authenticate properly: it opens a login prompt in an iframe and I can log in, but then nothing happens. The prompt isn't closed, so even though the login succeeds, the Scalar UI isn't actually authenticated. Should the iframe be closed automatically and redirect? Should we configure it somehow to open the login window in the same tab that requests it? Is some other configuration missing?

Open API configuration:

services.AddOpenApi(options =>
{
// Registers the security schemes on the generated OpenAPI document.
// These entries only describe how a client can obtain and present a token;
// they do not enforce anything on the API itself.
options.AddDocumentTransformer((document, context, ct) =>
{
    document.Components ??= new();
    document.Components.SecuritySchemes ??= new Dictionary<string, IOpenApiSecurityScheme>();
    var schemes = document.Components.SecuritySchemes;

    // Authorization Code flow against the IdP's authorize/token endpoints.
    // The scheme has no PKCE field here: PKCE is selected in the Scalar
    // configuration and required by the IdentityServer client shown on this page.
    var oauthScheme = new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.OAuth2,
        Description = "OAuth2 Authorization Code Flow with PKCE",
        Flows = new OpenApiOAuthFlows
        {
            AuthorizationCode = new OpenApiOAuthFlow
            {
                AuthorizationUrl = new Uri($"{authority}/connect/authorize"),
                TokenUrl = new Uri($"{authority}/connect/token"),
                Scopes = scopes
            }
        }
    };
    schemes["OAuth2"] = oauthScheme;

    // Plain HTTP bearer scheme (JWT). It is registered here, but the operation
    // transformer on this page only references "OAuth2".
    var bearerScheme = new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.Http,
        Scheme = "bearer",
        BearerFormat = "JWT",
        Description = "JWT Bearer token"
    };
    schemes["Bearer"] = bearerScheme;

    return Task.CompletedTask;
});
// Attaches the "OAuth2" security requirement (with every key of `scopes`) to each
// operation whose endpoint metadata carries no AllowAnonymousAttribute.
// NOTE(review): this only changes what the OpenAPI document advertises; whether an
// endpoint really requires a token depends on the API's authorization setup, which
// this snippet does not show.
// NOTE(review): only AllowAnonymousAttribute is matched. If endpoints are marked
// anonymous through other IAllowAnonymous metadata they would still be documented
// as protected; OfType<IAllowAnonymous>() would cover both. Confirm against the app.
options.AddOperationTransformer((operation, context, ct) =>
{
    var endpointMetadata = context.Description.ActionDescriptor.EndpointMetadata;
    var isAnonymous = endpointMetadata.OfType<AllowAnonymousAttribute>().Any();
    if (isAnonymous)
    {
        // Anonymous endpoint: leave the operation's security list untouched.
        return Task.CompletedTask;
    }

    operation.Security ??= [];
    var requirement = new OpenApiSecurityRequirement
    {
        [new OpenApiSecuritySchemeReference("OAuth2", context.Document)] = scopes.Keys.ToList()
    };
    operation.Security.Add(requirement);

    return Task.CompletedTask;
});
});

Scalar Configuration:

if (app.Environment.IsDevelopment())
{
// Exposes the OpenAPI document and the Scalar UI. Both calls sit inside the
// IsDevelopment() check of the enclosing `if`, so neither is mapped in other environments.
app.MapOpenApi();
app.MapScalarApiReference(opt =>
{
opt
.WithTitle(apiName)
.WithTheme(ScalarTheme.Kepler)
// "OAuth2" is the scheme name registered in the OpenAPI document transformer.
.AddPreferredSecuritySchemes("OAuth2")
.AddOAuth2Flows("OAuth2", flow =>
{
flow.AuthorizationCode = new AuthorizationCodeFlow
{
// Must be the ClientId registered in IdentityServer ("scalar-ui-client" in the client configuration on this page).
ClientId = "scalar-ui-client",
// PKCE with the SHA-256 challenge method; the IdentityServer client sets RequirePkce = true.
Pkce = Pkce.Sha256,
// Hard-coded list; it has to stay within the client's AllowedScopes.
// NOTE(review): presumably these mirror the keys of `scopes` used for the OpenAPI document - confirm, they are maintained separately.
SelectedScopes = ["openid", "profile", "api.read", "api.write"],
// Has to be identical to an entry in the client's RedirectUris (scheme, host, port and path).
RedirectUri = "https://localhost:7301/scalar/oauth/callback"
};
// NOTE(review): presumably selects the request body (rather than a header) for client credentials on the token request.
// This client has no secret (RequireClientSecret = false), so only the client id would be sent - confirm.
flow.AuthorizationCode.WithCredentialsLocation(CredentialsLocation.Body);
});
});
}

Client configuration in IdentityServer:

new Client
{
// Same client id the Scalar UI sends in its AuthorizationCodeFlow configuration.
ClientId = "scalar-ui-client",
ClientName = "Scalar UI Client",
// Authorization code grant only.
AllowedGrantTypes = GrantTypes.Code,
// Public browser client: no client secret is required, so PKCE is the protection
// against a stolen authorization code being redeemed. Keep RequirePkce = true
// for as long as RequireClientSecret is false.
RequirePkce = true,
RequireClientSecret = false,
// Has to equal the RedirectUri configured in Scalar; keep the list limited to the callback(s) actually used.
RedirectUris = { "https://localhost:7301/scalar/oauth/callback" },
// Origin of the page that hosts the Scalar UI.
// NOTE(review): presumably needed so the browser may call the token endpoint cross-origin - confirm.
AllowedCorsOrigins = { "https://localhost:7301" },
// Same four scopes Scalar requests through SelectedScopes.
AllowedScopes =
{
"openid", "profile", "api.read", "api.write"
},
// Offline access (refresh tokens) is not allowed for this client.
AllowOfflineAccess = false
},

I'd appreciate any help here; I've already checked other issues and questions, and there aren't many examples or much clear documentation about it. Thanks in advance!
Replies: 2 comments
To make the problem easy to reproduce, I've created a sample repo based on my current project; it has the same configuration and the same issue: here. There's also a discussion open in the IdentityServer project: here. I'd appreciate any help 🙏🫶
Solved thanks to @wcabus in this question here