Swagger Azure AD Authentication with Client Id and Client Secret (client credentials flow with a .NET 6 Web API and Azure Active Directory)
Swagger authentication with Azure AD using a client Id and client secret, for a .NET 6 Web API that itself uses Azure AD authentication, needs two app registrations: one for the Swagger client and one for the Web API.
Once the app registrations are done, open the Swagger client app registration and generate a client secret. Then open the Web API app registration and add a role; the role must be an Application role.
Next, in the Swagger client app registration, go to API permissions and add the role just created. Admin consent must be granted, because the Swagger client Id and client secret use an Application role.
Then open Program.cs in Visual Studio and add a Swagger security definition, making sure the flow is declared as the client credentials flow.
The client credentials flow in Swagger needs the client Id and client secret created above. In the same Swagger configuration, set the authorization header name and the parameter location, and list the scopes for the Swagger Azure AD client.
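The steps above, carried into a working Program.cs, as an added example that is not the video's own code. It assumes Swashbuckle.AspNetCore and Microsoft.Identity.Web are referenced, that an AzureAd section (Instance, TenantId, ClientId) exists in appsettings.json, and that the Application role on the Web API registration is named Api.Access; the tenant and app IDs are placeholders. The role policy relies on Microsoft.Identity.Web exposing the token's roles claim as the role claim type.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Identity.Web;
using Microsoft.OpenApi.Models;

var builder = WebApplication.CreateBuilder(args);

// Placeholder identifiers: replace with your tenant and the Web API registration's Application (client) ID.
const string TenantId = "<tenant-id>";
const string ApiAppId = "<web-api-app-id>";
const string AppRole = "Api.Access"; // assumed name of the Application role on the Web API registration
string apiScope = $"api://{ApiAppId}/.default";

// Web API side: validate the bearer tokens Azure AD issues for the API registration (audience, issuer, signature).
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApi(builder.Configuration.GetSection("AzureAd"));

// A client-credentials token carries no user. The only thing that authorizes the caller
// is the app role granted to the Swagger client registration, so require it explicitly.
builder.Services.AddAuthorization(options =>
{
    options.AddPolicy("RequireAppRole", policy => policy.RequireRole(AppRole));
});

builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen(c =>
{
    // Security definition: OAuth2 client credentials flow against the tenant's v2.0 token endpoint.
    c.AddSecurityDefinition("oauth2", new OpenApiSecurityScheme
    {
        Type = SecuritySchemeType.OAuth2,
        Name = "Authorization",          // header that carries the token
        In = ParameterLocation.Header,   // parameter location
        Flows = new OpenApiOAuthFlows
        {
            ClientCredentials = new OpenApiOAuthFlow
            {
                TokenUrl = new Uri($"https://login.microsoftonline.com/{TenantId}/oauth2/v2.0/token"),
                // App-only tokens request the API's .default scope; Swagger UI offers it as the scope to tick.
                Scopes = new Dictionary<string, string>
                {
                    [apiScope] = "Call the Web API with the assigned application role"
                }
            }
        }
    });

    // Apply the scheme to every operation so Swagger UI attaches the bearer token.
    c.AddSecurityRequirement(new OpenApiSecurityRequirement
    {
        {
            new OpenApiSecurityScheme
            {
                Reference = new OpenApiReference { Type = ReferenceType.SecurityScheme, Id = "oauth2" }
            },
            new[] { apiScope }
        }
    });
});

var app = builder.Build();

if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    // Pre-fill only the client id; the secret is typed into the Authorize dialog, never stored in config.
    app.UseSwaggerUI(c => c.OAuthClientId("<swagger-client-app-id>"));
}

app.UseHttpsRedirection();
app.UseAuthentication();
app.UseAuthorization();

// Every endpoint that the Swagger client may call is gated on the app role, not just on a valid token.
app.MapGet("/weather", () => new { Status = "authorized caller" })
   .RequireAuthorization("RequireAppRole");

app.Run();
```

Keeping the role check separate from token validation matters: a token whose audience is the API but whose roles claim is empty still passes AddMicrosoftIdentityWebApi, so without the policy any registration in the tenant that obtains such a token could reach the endpoint.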
Once you run the application, Swagger shows an Authorize button for Azure AD. Clicking it opens a popup that asks for the client Id and client secret, and you also need to select the scope. When you hit Authorize, the login fails with "Failed to Fetch". This is because Swagger UI uses JavaScript Fetch API calls to request the token directly from Azure AD; since the domains differ, the browser raises a CORS error and Swagger shows "Auth Error Type Error: Failed to fetch" / "Auth Error: Failed To Fetch".
======================================
As a workaround, to make the Swagger client credentials flow work with a .NET Core Web API and Azure AD, you can run the browser with web security disabled. In that mode it does not send the Origin header, so the "Auth Error" / "Failed to Fetch" error no longer appears and the token is obtained successfully.
======================================
Another workaround for the Swagger client credentials flow is to write your own endpoint that obtains the token from Azure AD. Swagger UI sends the client Id and secret using Basic authorization, so the API endpoint responsible for Swagger authentication has to read them from the Authorization header and base64-decode them (Basic authorization is base64 encoding, not encryption). Those details are then sent to Azure AD to get the token for the Swagger client credentials application.
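The second workaround as an added example, not the video's code: a server-side token endpoint that accepts the Basic credentials Swagger UI sends, forwards a client_credentials request to Azure AD from the API process (so the browser never makes the cross-origin call), and relays Azure AD's reply. The route name /swagger/token, the MapSwaggerTokenProxy helper and the placeholder tenant and app IDs are all assumptions; it expects builder.Services.AddHttpClient() to be registered and the Swagger security definition's TokenUrl to point at this endpoint's absolute URL.

```csharp
using System.Net.Http.Headers;
using System.Text;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Routing;

// Local stand-in for Azure AD's token URL, meant to be mapped only in Development:
//   if (app.Environment.IsDevelopment()) app.MapSwaggerTokenProxy();
public static class SwaggerTokenProxy
{
    // Placeholder identifiers: replace with the tenant, the Web API registration's ID
    // and the Swagger client registration's ID.
    const string TenantId = "<tenant-id>";
    const string ApiAppId = "<web-api-app-id>";
    const string SwaggerClientAppId = "<swagger-client-app-id>";

    public static IEndpointRouteBuilder MapSwaggerTokenProxy(this IEndpointRouteBuilder routes)
    {
        routes.MapPost("/swagger/token", async (HttpRequest request, HttpResponse response,
                                                IHttpClientFactory httpClientFactory) =>
        {
            // Swagger UI sends "Authorization: Basic base64(client_id:client_secret)".
            var credentials = ParseBasicCredentials(request.Headers.Authorization.ToString());
            if (credentials is null)
            {
                response.StatusCode = StatusCodes.Status401Unauthorized;
                return;
            }
            var (clientId, clientSecret) = credentials.Value;

            // Relay only the registration this Swagger UI exists for; never act as a generic token relay.
            if (!string.Equals(clientId, SwaggerClientAppId, StringComparison.OrdinalIgnoreCase))
            {
                response.StatusCode = StatusCodes.Status403Forbidden;
                return;
            }

            // Server-side client-credentials request; the secret goes to Azure AD only and is never logged.
            var form = new Dictionary<string, string>
            {
                ["grant_type"] = "client_credentials",
                ["client_id"] = clientId,
                ["client_secret"] = clientSecret,
                ["scope"] = $"api://{ApiAppId}/.default",
            };
            var http = httpClientFactory.CreateClient();
            using var aadResponse = await http.PostAsync(
                $"https://login.microsoftonline.com/{TenantId}/oauth2/v2.0/token",
                new FormUrlEncodedContent(form));

            // Relay status and JSON (access_token, token_type, expires_in, or Azure AD's error body)
            // unchanged, so Swagger UI parses it exactly as it would the real token endpoint's reply.
            response.StatusCode = (int)aadResponse.StatusCode;
            response.ContentType = "application/json";
            await response.WriteAsync(await aadResponse.Content.ReadAsStringAsync());
        });
        return routes;
    }

    // Decodes (base64 is an encoding, not encryption) a Basic credential into (client id, secret).
    internal static (string ClientId, string ClientSecret)? ParseBasicCredentials(string? authorizationHeader)
    {
        if (!AuthenticationHeaderValue.TryParse(authorizationHeader, out var header)
            || !string.Equals(header.Scheme, "Basic", StringComparison.OrdinalIgnoreCase)
            || string.IsNullOrEmpty(header.Parameter))
            return null;

        string decoded;
        try { decoded = Encoding.UTF8.GetString(Convert.FromBase64String(header.Parameter)); }
        catch (FormatException) { return null; }

        // RFC 7617: the secret may itself contain ':', so split only at the first one.
        var separator = decoded.IndexOf(':');
        if (separator <= 0) return null;
        return (decoded[..separator], decoded[(separator + 1)..]);
    }
}
```

The client-id allow-list and the Development-only mapping are what keep this from turning the API into an open relay that would exchange any tenant credential for a token; the endpoint also sits behind HTTPS redirection so the Basic header is never sent in clear text.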
Chapters
00:00 Swagger Azure AD Client Credentials Intro
00:15 Swagger Azure AD Client id secret proj setup
02:17 Setting App Registration for Swagger Azure AD Client flow
05:24 Setting Up Swagger Authentication with Azure AD
12:50 Auth Error Type Error:Failed To Fetch Swagger Azure AD
14:40 Swagger Client Credentials Azure AD - work around 1
17:05 Swagger Client Credentials Azure AD - work around 2
#SwaggerAzureADClientCredentials
#azuread
#SwaggerWebAPIClientCredentials