So it turns out the application template is using the **wrong **method call - it should be in ConfigureSwaggerServices. If peolple out there are using the code as is from the Blazor Server Template then they have zero security - wide open.
`` services.AddAbpSwaggerGenWithOAuth(
configuration["AuthServer:Authority"],
new Dictionary<string, string>
{
{"xxx", "xAPI"}
},
options =>
{
options.SwaggerDoc("v1", new OpenApiInfo { Title = "xAPI", Version = "v1" });
options.DocInclusionPredicate((docName, description) => true);
options.CustomSchemaIds(type => type.FullName);
}
);`
`
NOT
`` services.AddAbpSwaggerGen(
options =>
{
options.SwaggerDoc("v1", new OpenApiInfo { Title = "EL API", Version = "v1" });
options.DocInclusionPredicate((docName, description) => true);
options.CustomSchemaIds(type => type.FullName);
}
);``