Restricting swagger ui endpoints and preventing developers from signing in twice #1442

Open
asindarov opened this issue Jan 5, 2024 · 0 comments


asindarov commented Jan 5, 2024

Hi, I went through issue #384 looking for a solution for my case but could only find a partial solution. With the middleware implementation below I could restrict access to the Swagger UI endpoints, but then we have to sign in twice: 1) to get to the Swagger page, and 2) to be able to call endpoints, because they are secured by OAuth authentication.

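```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication; // ChallengeAsync extension on HttpContext
using Microsoft.AspNetCore.Http;

public class SwaggerOAuthMiddleware
{
    private readonly RequestDelegate next;

    public SwaggerOAuthMiddleware(RequestDelegate next)
    {
        this.next = next;
    }

    public async Task InvokeAsync(HttpContext context)
    {
        if (IsSwaggerUI(context.Request.Path))
        {
            // If the user is not authenticated, challenge with the default
            // authentication scheme and stop processing the request.
            if (context.User.Identity?.IsAuthenticated != true)
            {
                await context.ChallengeAsync();
                return;
            }
        }

        await next.Invoke(context);
    }

    // True for any request path under /swagger.
    public bool IsSwaggerUI(PathString pathString)
    {
        return pathString.StartsWithSegments("/swagger");
    }
}
```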

Does anyone have any idea how we could accomplish that? I think Swagger UI uses cookies or local storage. Isn't there any way to store the access token and force the built-in Swagger UI middleware, which is used under the hood to append the access token to every request, to get the access token from there?
