
Unexpected Swagger API Endpoints from FormBuilder After Adding SimpleIdServer Packages

Open HappyRoot opened this issue 7 months ago • 1 comments

Hello,

After integrating the SimpleIdServer.IdServer and SimpleIdServer.IdServer.Domains packages, we observed that Swagger now includes additional API endpoints related to FormBuilder (specifically FakeData and Templates).

Since these endpoints are not required in our implementation, we would like to clarify:

  • Is this the intended behavior of these packages?
  • Is there a recommended way to suppress these endpoints in Swagger?

Currently, we have manually configured Swagger to include only the necessary endpoints for our assembly, but we would appreciate guidance on a more sustainable approach.

Thank you for your assistance!


HappyRoot avatar Jul 04 '25 14:07 HappyRoot

Indeed, since version 6, SimpleIdServer has been using an internal FormBuilder to create the authentication and registration pages. We made this choice for the following reasons:

  • The authentication and registration pages are sensitive to external attacks. By using a FormBuilder, we ensure developers follow security best practices and reduce the risk of security breaches.

  • Thanks to the FormBuilder, SimpleIdServer can be easily integrated into an IDaaS solution, giving end-users without development skills the ability to customize their own UI.

These endpoints are used by the Administration website, but they can be hidden from Swagger. We made some changes in the release/6.0.3 branch (new method ExcludeDocumentations), allowing these endpoints to be excluded as follows:

.AddSwagger(opt =>
{
    opt.IncludeDocumentation<AccessTokenTypeService>();
    opt.ExcludeDocumentations("/{prefix}/forms", "/{prefix}/templates");
})

KR,

SID

simpleidserver avatar Jul 06 '25 19:07 simpleidserver
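
A check that the generated OpenAPI document no longer lists the FormBuilder routes, suitable for a CI step. This is an added example, not code from this thread or from SimpleIdServer. The function names, the sample document, and the matching rule (`{prefix}` stands for exactly one path segment, and anything beneath a matched route also counts) are assumptions.

```python
import re

# Patterns taken from the maintainer's reply. Treating "{prefix}" as one
# arbitrary path segment is an assumption of this example.
EXCLUDED = ["/{prefix}/forms", "/{prefix}/templates"]


def template_to_regex(template):
    """Compile a route template into a case-insensitive regex."""
    parts = re.split(r"(\{[^/{}]+\})", template)
    body = "".join("[^/]+" if p.startswith("{") else re.escape(p) for p in parts)
    # Match the route and everything beneath it, but not "/x/formsettings".
    return re.compile(rf"^{body}(?:/.*)?$", re.IGNORECASE)


def leaked_paths(openapi_doc, excluded=EXCLUDED):
    """Return documented paths that should have been hidden, sorted."""
    regexes = [template_to_regex(t) for t in excluded]
    return sorted(
        path for path in openapi_doc.get("paths", {})
        if any(r.match(path) for r in regexes)
    )


# Constructed sample document (not real SimpleIdServer output).
SAMPLE = {
    "openapi": "3.0.1",
    "paths": {
        "/{prefix}/forms/{id}": {"get": {}},
        "/master/templates": {"get": {}},
        "/{prefix}/formsettings": {"get": {}},
        "/api/orders": {"get": {}},
    },
}

if __name__ == "__main__":
    leaks = leaked_paths(SAMPLE)
    for path in leaks:
        print("still documented:", path)
    # Non-zero exit fails the pipeline when a hidden route reappears.
    raise SystemExit(1 if leaks else 0)
```

The check covers the documentation only: excluded endpoints remain routable, so access to them still depends on the server's authorization configuration.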