Skip to content

Authentication schemes

Ieuan Walker edited this page Dec 3, 2025 · 2 revisions

This extension method automatically documents all registered authentication schemes into your OpenAPI specification. It supports Bearer tokens, Basic auth, API Keys, OAuth2, OpenID Connect, and custom schemes.

Because it adds the authentication schemes to the OpenAPI JSON document, it allows Scalar to display the authentication options.

image

Basic Usage

The simplest way to add security scheme documentation:

builder.Services.AddAuthentication(...)
    .AddBearer(...)
    .AddBasic(...);

builder.Services.AddOpenApi(options =>
{
    options.AddAuthenticationSchemes();
});

That's it! All your registered authentication schemes will now appear in the OpenAPI documentation.

Override default settings

builder.Services.AddOpenApi(options =>
{
    options.AddAuthenticationSchemes(o =>
    {
        // Customize Bearer token format
        o.BearerFormat = "My Custom JWT Format";
        
        // Customize API key header name
        o.ApiKeyHeaderName = "X-Custom-API-Key";
        
        // Configure OAuth2
        o.OAuth2AuthorizationUrl = new Uri("https://auth.example.com/oauth/authorize");
        o.OAuth2Scopes = new Dictionary<string, string>
        {
            { "read:users", "Read user data" },
            { "write:users", "Write user data" },
            { "admin", "Admin access" }
        };
        
        // Configure OpenID Connect
        o.OpenIdConnectUrl = new Uri("https://auth.example.com/.well-known/openid-configuration");
    });
});

Clone this wiki locally