From 8f63661e8d3643dfaf1a55bc688e62778a66e984 Mon Sep 17 00:00:00 2001
From: Galip Tolga Erdem <galiperdem@gmail.com>
Date: Mon, 21 Aug 2023 15:09:59 -0400
Subject: [PATCH 1/2] Added default oidc metadata address

---
 .../wwwroot/swagger/ui/abp.swagger.js                 | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/ui/abp.swagger.js b/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/ui/abp.swagger.js
index 6edbe815be..70bf976bc4 100644
--- a/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/ui/abp.swagger.js
+++ b/framework/src/Volo.Abp.Swashbuckle/wwwroot/swagger/ui/abp.swagger.js
@@ -28,7 +28,16 @@ var abp = abp || {};
             }
             // Intercept .well-known request when the discoveryEndpoint is provided
             if (!firstRequest && oidcDiscoveryEndpoint.length !== 0 && request.url.includes(".well-known/openid-configuration")) {
-                request.url = oidcDiscoveryEndpoint;
+                if (oidcDiscoveryEndpoint.endsWith(".well-known/openid-configuration")) {
+                    request.url = oidcDiscoveryEndpoint;
+                    console.log(request.url);
+                    return;
+                }
+                if (!oidcDiscoveryEndpoint.endsWith("/")) {
+                    oidcDiscoveryEndpoint += "/"
+                }
+                request.url = oidcDiscoveryEndpoint + ".well-known/openid-configuration";
+                console.log(request.url);
             }
 
             var antiForgeryToken = abp.security.antiForgery.getToken();

From f48025ad8730e105096fdd447d566567b7496065 Mon Sep 17 00:00:00 2001
From: Galip Tolga Erdem <galiperdem@gmail.com>
Date: Mon, 21 Aug 2023 15:38:17 -0400
Subject: [PATCH 2/2] Update Swagger-Integration.md

---
 docs/en/API/Swagger-Integration.md | 35 ++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/docs/en/API/Swagger-Integration.md b/docs/en/API/Swagger-Integration.md
index d9afd0e2e2..aad5c531c4 100644
--- a/docs/en/API/Swagger-Integration.md
+++ b/docs/en/API/Swagger-Integration.md
@@ -153,3 +153,38 @@ public override void OnApplicationInitialization(ApplicationInitializationContex
 ```
 
 > Do not forget to set `OAuthClientId` and `OAuthClientSecret`.
+
+## Using Swagger with OIDC
+
+You may also want to configure swagger using **OpenIdConnect** instead of OAUTH. This is especially useful when you need to configure different metadata address than the issuer in cases such as when you deploy your application to kubernetes cluster or docker. In these cases, metadata address will be used in sign-in process to reach the valid authentication server discovery endpoint over the internet and use the internal network to validate the obtained token.
+
+To do that, we need to use `AddAbpSwaggerGenWithOidc` extension to configure Swagger with OAuth issuer and scopes in `ConfigureServices` method of our module:
+
+```csharp
+context.Services.AddAbpSwaggerGenWithOidc(
+    configuration["AuthServer:Authority"],
+    scopes: new[] { "SwaggerDemo" },
+    // "authorization_code"
+    flows: new[] { AbpSwaggerOidcFlows.AuthorizationCode },
+    // When deployed on K8s, should be metadata URL of the reachable DNS over internet like https://myauthserver.company.com
+    discoveryEndpoint: configuration["AuthServer:Authority"],
+    options =>
+    {
+        options.SwaggerDoc("v1", new OpenApiInfo { Title = "SwaggerDemo API", Version = "v1" });
+        options.DocInclusionPredicate((docName, description) => true);
+        options.CustomSchemaIds(type => type.FullName);
+    });
+```
+
+The `flows` is a list of default oidc flows that is supported by the oidc-provider (authserver). You can see the default supported flows below:
+
+- `AbpSwaggerOidcFlows.AuthorizationCode`: The `"authorization_code"` flow is the **default and suggested** flow. **Doesn't require a client secret** when even there is a field for it.
+-  `AbpSwaggerOidcFlows.Implicit`: The deprecated `"implicit"` flow that was used for javascript applications.
+- `AbpSwaggerOidcFlows.Password`: The legacy `password` flow which is also known as Resource Ownder Password flow. You need to provide a user name, password and client secret for it.
+- `AbpSwaggerOidcFlows.ClientCredentials`: The `"client_credentials"` flow that is used for server to server interactions.
+
+You can define one or many flows which will be shown in the Authorize modal. You can set it **null which will use the default "authorization_code"** flow.
+
+The `discoveryEndpoint` is the reachable openid-provider endpoint for the `.well-known/openid-configuration`. You can set it to **null which will use default AuthServer:Authority** appsettings configuration. If you are deploying your applications to a kubernetes cluster or docker swarm, you should to set the `discoveryEndpoint` as real DNS that should be reachable over the internet. 
+
+> If are having problems with seeing the authorization modal, check the browser console logs and make sure you have a correct and reachable `discoveryEndpoint`