Activities of "petri.t"

Fix is working for me too, thanks. I'm just copy/pasting here the full AddAbpSwaggerGenWithOidc code just in case.

Without workaround:

   context.Services.AddAbpSwaggerGenWithOidc(
        configuration["AuthServer:Authority"]!,
        ["AbpTest221b"],
        [AbpSwaggerOidcFlows.AuthorizationCode],
        configuration["AuthServer:MetaAddress"],
        options =>
        {
            options.SwaggerDoc("v1", new OpenApiInfo { Title = "AbpTest221b API", Version = "v1" });
            options.DocInclusionPredicate((docName, description) => true);
            options.CustomSchemaIds(type => type.FullName);
        });

With workaround:

    context.Services.AddAbpSwaggerGenWithOidc(
        configuration["AuthServer:Authority"]!,
        ["AbpTest221b"],
        [AbpSwaggerOidcFlows.AuthorizationCode],
        configuration["AuthServer:MetaAddress"],
        options =>
        {
            options.SwaggerDoc("v1", new OpenApiInfo { Title = "AbpTest221b API", Version = "v1" });
            options.DocInclusionPredicate((docName, description) => true);
            options.CustomSchemaIds(type => type.FullName);

            options.SwaggerGeneratorOptions.SecurityRequirements.Clear();
            options.AddSecurityRequirement(document => new OpenApiSecurityRequirement()
            {
                [new OpenApiSecuritySchemeReference("oidc", document)] = []
            });
        });

UserLookup service was bad example, it gives 403 even when authenticated, /api/account-admin/settings is better example. But basically problem is about missing authentication headers and should therefore affect any endpoint requiring authentication.

I tried to create new solutions with abp cli version 2.1.9 and 2.2.1. 2.1.9 creates solution for abp version 10.0.2 and 2.2.1 for abp version 10.1.0. In version 10.0.2 swagger does send Authentication header and api calls are able to authenticate. In version 10.1.0 swagger doesn't send Authentication header and therefore any api call requiring authentication can't work.

Here are steps to create solution with version 10.0.2 where swagger works:

dotnet tool uninstall -g Volo.Abp.Studio.Cli

dotnet tool install -g Volo.Abp.Studio.Cli --version 2.1.9

abp new AbpTest219 --tiered

Open solution in ABP Studio

• start everything
• browse HttpApi.Host-project
• copy url and open it in chrome or edge
• login to swagger with admin (and correct scope)
• try any endpoint that requires authentication, for example /api/account-admin/settings
• swagger sends Authorization header
• swagger gives http 200 result:

{ "isSelfRegistrationEnabled": true, "enableLocalLogin": true, "preventEmailEnumeration": false }

And here are steps to create solution with version 10.1.0 where swagger doesn't work:

dotnet tool uninstall -g Volo.Abp.Studio.Cli

dotnet tool install -g Volo.Abp.Studio.Cli --version 2.2.1

abp new AbpTest221 --tiered

Open solution in ABP Studio

• start everything
• browse HttpApi.Host-project
• copy url and open it in chrome or edge
• login to swagger with admin (and correct scope)
• try any endpoint that requires authentication, for example /api/account-admin/settings
• swagger doesn't Authorization header
• swagger gives http 401 result

I tried to update the project from ABP Studio to latest version (10.1.1), the same problem still exists. But if I upgrade the project to preview version 10.2.0-rc.2 (requires migration), swagger works again.

So there seems to be problem in both versions 10.1.0 and 10.1.1, that swagger doesn't send authentication header.

For me the workaround could be continuing temporarily with preview version, but this seems like a bug in version 10.1 and I don't like to see this problem reappearing in final version of 10.2.

Problem exists also in Edge. I tried also InPrivate window.