We are building a Web API wrapper for MS Graph API.
I want to use Swagger to test my APIs. But I can't get the configuration right. I keep getting Bad Request and no other clue. I can't install Fiddler or other tools on this corporate laptop to help me investigate.
Here is the error:
And here is the code to configure Swagger:
    app.UseSwaggerUi3WithApiExplorer(settings =>
    {
        settings.GeneratorSettings.DefaultPropertyNameHandling = PropertyNameHandling.CamelCase;
        settings.PostProcess = document =>
        {
            document.Info.Title = "App title";
            document.Info.Description = "App description";
        };
        settings.OAuth2Client = new OAuth2ClientSettings
        {
            ClientId = "[clientid]",
            ClientSecret = "[clientsecret]",
            AppName = "app_name",
        };
        settings.OAuth2Client.AdditionalQueryStringParameters.Add("response_type", "code id_token");
        settings.OAuth2Client.AdditionalQueryStringParameters.Add("nonce", "AnyValueShouldBeRandom");
        settings.GeneratorSettings.DocumentProcessors.Add(new SecurityDefinitionAppender("Auth Token", new SwaggerSecurityScheme
        {
            Type = SwaggerSecuritySchemeType.OpenIdConnect,
            Description = "Swagger OAuth2",
            OpenIdConnectUrl = "https://login.microsoftonline.com/[tenantid]/v2.0/.well-known/openid-configuration",
            Flow = SwaggerOAuth2Flow.Implicit,
            AuthorizationUrl = "https://login.microsoftonline.com/[tenantid]/oauth2/v2.0/authorize",
            TokenUrl = "https://login.microsoftonline.com/[tenantid]/oauth2/v2.0/token",
            In = SwaggerSecurityApiKeyLocation.Header,
            Scopes = new Dictionary<string, string>
            {
                { "api://[api]/user_impersonation", "" },
                { "user.read", "" },
                { "openid", "" },
                { "email", "" },
                { "profile", "" },
                { "roles", "" }
            }
        }));
        settings.GeneratorSettings.OperationProcessors.Add(new OperationSecurityScopeProcessor("oauth2"));
    });
My question is what am I doing wrong?
I have been struggling with this since this morning. Any help is greatly appreciated.
Thanks!
I figured it out.
Change this from

    Type = SwaggerSecuritySchemeType.OpenIdConnect

to

    Type = SwaggerSecuritySchemeType.OAuth2

I also removed a bunch of stuff like the following lines:

    settings.OAuth2Client.AdditionalQueryStringParameters.Add("response_type", "code id_token");
    settings.OAuth2Client.AdditionalQueryStringParameters.Add("nonce", "AnyValueShouldBeRandom");

It's now working.
At least on the outside.
Swagger tells me I am already Authenticated:
BUT when I run the application, HttpContext.User.Identity.IsAuthenticated tells me I'm not.
Same question: What am I doing wrong?
Finally I can answer my own question.
I'm not going to be too hard on myself this time because the fix was not very obvious, at least to me.
Apparently,

    settings.GeneratorSettings.OperationProcessors

should have a matching

    settings.GeneratorSettings.DocumentProcessors

It's partly my fault if I didn't google hard enough or the docs really weren't that accessible.
But this line

    settings.GeneratorSettings.OperationProcessors.Add(new OperationSecurityScopeProcessor("oauth2"));

needs a match. So replace the following

    settings.GeneratorSettings.DocumentProcessors.Add(new SecurityDefinitionAppender("Auth Token", new SwaggerSecurityScheme

with

    settings.GeneratorSettings.DocumentProcessors.Add(new SecurityDefinitionAppender("oauth2", new SwaggerSecurityScheme

I hope this helps somebody else.
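
The name mismatch described in the answer above can be caught by checking the generated Swagger/OpenAPI document for security requirements that name an undeclared scheme. The following is an added example, not part of the original post or of NSwag; the `sample` document is constructed, its shape (a declaration under `securityDefinitions`, a requirement under the operation's `security`) is an assumption about what the two processors emit, and the function names are hypothetical.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch", "trace"}

def defined_schemes(doc):
    """Scheme names declared in a Swagger 2.0 or OpenAPI 3 document."""
    names = set(doc.get("securityDefinitions", {}))
    names |= set(doc.get("components", {}).get("securitySchemes", {}))
    return names

def referenced_schemes(doc):
    """Yield (location, scheme name) for every security requirement."""
    for req in doc.get("security", []):
        for name in req:
            yield "<document>", name
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            # Skip non-operation keys such as "parameters".
            if method.lower() in HTTP_METHODS and isinstance(op, dict):
                for req in op.get("security", []):
                    for name in req:
                        yield f"{method.upper()} {path}", name

def audit(doc):
    """Return (dangling references, declared-but-unused scheme names)."""
    defined = defined_schemes(doc)
    refs = list(referenced_schemes(doc))
    dangling = sorted({(loc, n) for loc, n in refs if n not in defined})
    unused = sorted(defined - {n for _, n in refs})
    return dangling, unused

def sample(declared_name):
    """Constructed document: declares one scheme, operation requires "oauth2"."""
    return {
        "swagger": "2.0",
        "securityDefinitions": {declared_name: {"type": "oauth2", "flow": "implicit"}},
        "paths": {"/api/me": {"get": {"security": [{"oauth2": ["user.read"]}]}}},
    }

if __name__ == "__main__":
    # Declaration named "Auth Token": the operation's requirement is dangling.
    print("mismatched:", audit(sample("Auth Token")))
    # Declaration renamed to "oauth2": nothing dangling, nothing unused.
    print("matched:   ", audit(sample("oauth2")))
```

A non-empty first list means an operation asks for a scheme the document never declares, which is the state the question's configuration was in.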