Omit Client Secret field for authorization code with pkce
ArieGato opened this issue · 0 comments
ArieGato commented
Is it possible to hide/omit the client secret field for Authorization Code with PKCE?
I have the following configuration:
```csharp
services.AddOpenApiDocument((opt, _) =>
{
    opt.AddSecurity(appSettings.Jwt.Scheme, [], new OpenApiSecurityScheme
    {
        Type = OpenApiSecuritySchemeType.OAuth2,
        Flows = new OpenApiOAuthFlows
        {
            AuthorizationCode = new OpenApiOAuthFlow
            {
                Scopes = new Dictionary<string, string>
                {
                    { "https://...", "Access scope ..." }
                },
                AuthorizationUrl = "https://...",
                TokenUrl = "https://..."
            }
        }
    });
    opt.OperationProcessors.Add(new AspNetCoreOperationSecurityScopeProcessor(appSettings.Jwt.Scheme));
});

app.UseSwaggerUi(sett =>
{
    sett.OAuth2Client = new OAuth2ClientSettings
    {
        ClientId = appSettings.ClientId,
        ClientSecret = "", // <-- this makes the field empty, otherwise a dummy value is generated
        UsePkceWithAuthorizationCodeGrant = true
    };
});
```