Custom authentication with Swashbuckle.AspNetCore

Question

Currently we're generating Swagger 2.0 documentation using Swashbuckle.AspNetCore. The authentication mechanism being used requires three headers:

• X-API-KEY: The shared key
• X-API-SIGN: Signature of the request composed of HMACSHA256 hashed value of Hashed secret, Timestamp, Method, Endpoint, and Body
• X-API-TIMESTAMP: This is the same timestamp used in the signature

I don't think Swagger or Swashbuckle support this natively so I would likely need to set up some javascript to fill in hidden fields or something in the swagger docs.

I'm currently using an OperationFilter to prepend operation parameters to each request. This doesn't help me once the page loads though since the user will need to enter their API key and secret, which everything else is calculated based on. Clearly javascript will be required here.

Can anyone provide suggestions for how to handle this cleanly?

Answer 1

I wanted to put this as a comment but comments do not allow format so here you go:

The Swashbuckle.AspNetCore seems to be missing the InjectJavaScript feature:
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/search?l=C%23&q=InjectJavaScript

It is there on the older project:
https://github.com/domaindrivendev/Swashbuckle/search?l=C%23&q=InjectJavaScript

That is what I've used to inject some javascript, without that we are very limited.

---

Now looking at this from a different perspective:

It seems you want to embed the authentication process on the swagger ui...
Maybe on the backend you should bypass the authentication if the request comes from Swagger-Ui