Activities of "barrett2474"

So it turns out the application template is using the **wrong** method call - it should be in ConfigureSwaggerServices. If people out there are using the code as is from the Blazor Server Template then they have zero security - wide open.

```csharp
services.AddAbpSwaggerGenWithOAuth(
    configuration["AuthServer:Authority"],
    new Dictionary<string, string>
    {
        {"xxx", "xAPI"}
    },
    options =>
    {
        options.SwaggerDoc("v1", new OpenApiInfo { Title = "xAPI", Version = "v1" });
        options.DocInclusionPredicate((docName, description) => true);
        options.CustomSchemaIds(type => type.FullName);
    }
);
```

NOT

```csharp
services.AddAbpSwaggerGen(
    options =>
    {
        options.SwaggerDoc("v1", new OpenApiInfo { Title = "EL API", Version = "v1" });
        options.DocInclusionPredicate((docName, description) => true);
        options.CustomSchemaIds(type => type.FullName);
    }
);
```

If you're creating a bug/problem report, please include the following:

  • ABP Framework version: v5.2.2
  • UI type: Blazor Server
  • DB provider: EF Core
  • Tiered (MVC): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:

I used the template of Blazor Server and got it up and running. I navigated to the swagger page before logging in. No cookies in the browser as it was a private window. ERROR: no exception but I am very concerned that I was able to make calls on the API via the swagger page despite not being logged in.
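An added example, not code from these posts or from ABP: a Python check over a generated `swagger.json` that lists every operation declaring no security requirement, which is where the two registrations above would differ in the document. It assumes an OpenAPI 3 document and that the OAuth registration emits a security scheme (named `oauth2` here as an assumption); the paths and both sample documents are constructed. It reads only what the document declares, so an anonymous request to each listed endpoint returning 401 remains the confirming test of server-side enforcement.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def unsecured_operations(spec):
    """Return sorted 'METHOD /path' strings for operations that the document
    allows to be called without satisfying any declared security scheme."""
    schemes = set(spec.get("components", {}).get("securitySchemes", {}))
    default = spec.get("security", [])
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as 'parameters'
            # Operation-level 'security' replaces the top-level list,
            # so 'security: []' makes that single operation anonymous.
            reqs = op.get("security", default)
            # Flag: no requirement, an empty alternative ({}), or a
            # requirement that names a scheme the document never defines.
            enforced = bool(reqs) and all(r and set(r) <= schemes for r in reqs)
            if not enforced:
                findings.append(f"{method.upper()} {path}")
    return sorted(findings)

# Constructed sample: document with no security scheme or requirement.
PLAIN = {
    "openapi": "3.0.1",
    "paths": {"/api/app/sample": {"get": {}, "post": {}}},
}

# Constructed sample: scheme plus global requirement, one operation opting out.
WITH_OAUTH = {
    "openapi": "3.0.1",
    "components": {"securitySchemes": {"oauth2": {"type": "oauth2"}}},
    "security": [{"oauth2": []}],
    "paths": {
        "/api/app/sample": {"get": {}, "post": {}},
        "/api/app/public-info": {"get": {"security": []}},
    },
}

if __name__ == "__main__":
    for name, doc in (("plain", PLAIN), ("with oauth", WITH_OAUTH)):
        print(name, unsecured_operations(doc))
```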
