I know it is not recommended to have swagger enabled for production environment but due to some client requirement I have to enable it in production environment.
However all my api’s are accessible only after proper role based authorization check so even if it is exposed in production environment no one can actually call the api’s unless they are authorized but still since it is not a good practice I just want to check if there is any way we can put authorization over swagger, meaning only those users who have valid login to the website can access the swagger page.
So basically user has to go through the login page of the website and then only he can access the swagger page at all otherwise it will not even open the swagger page.
Is there any possibility of it?
I remember reading about something similar, good thing I saved the link. It’s not the ideal solution but this might be something you could tweak and implement to fit your use case? medium.com/@milad665/…
you can follow this medium article (medium.com/@niteshsinghal85/…). it is series of two article where it is described to secure your swagger ui in production environment. specially part 2 is useful if you are using OAuth for authentication.