Skip to content

feat(iwebapi): migrate OpenAPI generation to Microsoft.AspNetCore.OpenApi#627

Merged
Herman Jensen (h3rmanj) merged 2 commits into
mainfrom
dotnet/aspnetcore-openapi
Jun 2, 2026
Merged

feat(iwebapi): migrate OpenAPI generation to Microsoft.AspNetCore.OpenApi#627
Herman Jensen (h3rmanj) merged 2 commits into
mainfrom
dotnet/aspnetcore-openapi

Conversation

@h3rmanj

@h3rmanj Herman Jensen (h3rmanj) commented Jun 2, 2026

Copy link
Copy Markdown
Member

Summary

Migrates the iwebapi template from Swashbuckle's OpenAPI document generation to the built-in Microsoft.AspNetCore.OpenApi generator with an IOpenApiDocumentTransformer. Swashbuckle's Swagger UI is retained as the frontend only — it no longer generates the document, it just renders the one produced by the built-in generator.

What changed

  • Packages: add Microsoft.AspNetCore.OpenApi (10.0.8); replace the full Swashbuckle.AspNetCore meta-package with Swashbuckle.AspNetCore.SwaggerUI (UI only). Both Asp.Versioning packages are retained (versioning engine + the GroupName the generator routes documents by).
  • New AzureAdSecuritySchemeTransformer: a DI-activated document transformer that adds the Azure AD OAuth2 scheme and a global per-operation security requirement — a direct port of the security setup from SwaggerGenConfigurator.
  • Program.cs: registers the document with a literal AddOpenApi("v1") call (literal name required so the .NET 10 XML doc-comment source generator stays active) and sets title/version inline; serves it with MapOpenApi() instead of UseSwagger(). Dropped AddEndpointsApiExplorer() (minimal-APIs only; the template uses controllers).
  • SwaggerUIConfigurator: repointed from /swagger/{group}/swagger.json to /openapi/{group}.json; dynamic version loop kept so the UI auto-discovers versions.
  • Deleted SwaggerGenConfigurator: its security setup moved to the transformer; XML comments are now picked up automatically by the .NET 10 source generator; title/version moved inline.
  • packages.lock.json regenerated (CI runs locked-mode: true).

Test Plan

  • dotnet build of the main project succeeds (only the pre-existing WeatherForecast nullability warning).
  • Ran the app and inspected /openapi/v1.json: correct info title/version, Azure AD OAuth2 scheme, global security requirement on the operation, XML-sourced summary ("Retrieve weather forecast."), and the versioned path /api/v1/WeatherForecast.
  • Swagger UI loads at root (HTTP 200).
  • dotnet restore --locked-mode (linux-musl-x64) passes — lockfile consistent for CI.
  • No remaining references to SwaggerGen, swagger.json, or AddEndpointsApiExplorer in the template.
  • Note: the template's test project can't be built in token form (__PROJECT_PATH__); the existing tests (controller unit test + 401 integration test) are unaffected by this change and pass on an instantiated copy.

The __CLIENT_ID__ placeholder in the generated document is intentional (per the template's CLAUDE.md); a real tenant config substitutes it at runtime.

🤖 Generated with Claude Code

@h3rmanj @claude
feat(iwebapi): migrate OpenAPI generation to Microsoft.AspNetCore.Ope…
51b1a95 
…nApi

Replace Swashbuckle's document generation with the built-in
Microsoft.AspNetCore.OpenApi generator and an IOpenApiDocumentTransformer,
keeping Swashbuckle Swagger UI as the frontend only.

- Add Microsoft.AspNetCore.OpenApi; swap the Swashbuckle.AspNetCore
  meta-package for Swashbuckle.AspNetCore.SwaggerUI (UI only)
- Add AzureAdSecuritySchemeTransformer (OAuth2 scheme + global security
  requirement), replacing the security setup in SwaggerGenConfigurator
- Register the document via a literal AddOpenApi("v1") call so the .NET 10
  XML doc-comment source generator stays active; set title/version inline
- Serve the document with MapOpenApi() and point Swagger UI at
  /openapi/{group}.json; drop AddEndpointsApiExplorer (minimal-APIs only)
- Delete SwaggerGenConfigurator; XML comments are now automatic
- Regenerate packages.lock.json

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@h3rmanj Herman Jensen (h3rmanj) requested a review from a team as a code owner June 2, 2026 12:11
Copilot AI reviewed Jun 2, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Migrates the iwebapi .NET template’s OpenAPI document generation from Swashbuckle/SwaggerGen to the built-in Microsoft.AspNetCore.OpenApi generator (via AddOpenApi + MapOpenApi), while keeping Swashbuckle’s Swagger UI purely as a frontend renderer.

Changes:

  • Switch OpenAPI document generation to Microsoft.AspNetCore.OpenApi with an IOpenApiDocumentTransformer.
  • Replace the Swashbuckle meta-package with Swashbuckle.AspNetCore.SwaggerUI and repoint UI to /openapi/{group}.json.
  • Remove SwaggerGenConfigurator and introduce AzureAdSecuritySchemeTransformer for Azure AD OAuth2 + security requirements.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
dotnet/iwebapi/Company.WebApplication1/Swagger/SwaggerUIConfigurator.cs Updates Swagger UI to load docs from the new /openapi/{group}.json endpoint.
dotnet/iwebapi/Company.WebApplication1/Swagger/SwaggerGenConfigurator.cs Removes SwaggerGen-based document configuration (no longer used).
dotnet/iwebapi/Company.WebApplication1/Swagger/AzureAdSecuritySchemeTransformer.cs Adds a document transformer to inject Azure AD OAuth2 security scheme and requirements.
dotnet/iwebapi/Company.WebApplication1/Program.cs Wires up AddOpenApi/MapOpenApi and removes SwaggerGen registration.
dotnet/iwebapi/Company.WebApplication1/packages.lock.json Updates lockfile for the new OpenAPI/Swashbuckle package set.
dotnet/iwebapi/Company.WebApplication1/Company.WebApplication1.csproj Adds Microsoft.AspNetCore.OpenApi and switches to Swashbuckle.AspNetCore.SwaggerUI.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread dotnet/iwebapi/Company.WebApplication1/Swagger/AzureAdSecuritySchemeTransformer.cs Outdated
@h3rmanj @claude
refactor(iwebapi): apply OpenAPI security requirement at document level
412b1eb 
Set the Azure AD requirement once via document.Security instead of
iterating every operation. This matches the original Swashbuckle
AddSecurityRequirement behavior (global, top-level security), removes
duplication, and preserves per-operation override semantics.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@h3rmanj Herman Jensen (h3rmanj) merged commit daf49d1 into main Jun 2, 2026
5 checks passed
@h3rmanj Herman Jensen (h3rmanj) deleted the dotnet/aspnetcore-openapi branch June 2, 2026 12:34
@github-actions github-actions Bot mentioned this pull request Jun 2, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@loekensgard Thorstein Løkensgard (loekensgard) loekensgard approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@h3rmanj @loekensgard