[Bug]: Authorization header missing from HTTP Requests in NET 10.

[LightBulbIdea]

Describe the bug

I just upgraded my NET 9 Web API to NET 10 and all of its dependecies. I followed the migration guide https://github.com/domaindrivendev/Swashbuckle.AspNetCore/blob/HEAD/docs/migrating-to-v10.md when upgrading Swagger. However, after changing to the new OpenApiSecurityRequirement expected object "OpenApiSecuritySchemeReference", swagger ui is no longer adding the Authorization header to my Http Calls.

During the migration I only had to update two things, namespaces for the models and the AddSecurityRequirement();.

I added Scalar UI support to my api just to be sure the issue is with swagger and Scalar UI works with no problems.

Any idea as to why Swagger UI is no longer appending the Authorization Header to my Http calls?

Swagger v10 configuration (Missing Authorization Header on every Http Call)

Swagger v9.0.6 configuration (Works)

The APP configuration is the same for both...

Expected behavior

Authorization header with bearer token in the http header.

Actual behavior

Authorization header missing from http requests.

Steps to reproduce

No response

Exception(s) (if any)

No response

Swashbuckle.AspNetCore version

10.0.0

.NET Version

10

Anything else?

I use OAuth2 PKCE flow with Auth0 (been using this for the past 2 years with no problems until today)

[martincostello]

Sorry, I don't immediately know the answer to this.

Could you provide a minimal reproducible example as a GitHub repository that demonstrates the issue you're experiencing so we can look into this further.

A diff of the two OpenAPI documents would also be useful.

[xC0dex]

I'm currently on my phone but you have to pass the document as the second parameter of the OpenApiSecuritySchemeReference constructor.

As a reference, you could check out the following docs (even if it's a different generator, the API is the same): https://learn.microsoft.com/en-us/aspnet/core/fundamentals/openapi/customize-openapi?view=aspnetcore-10.0

[martincostello]

Also check this documentation which shows what @xC0dex is referring to above.

[LightBulbIdea]

@xC0dex & @martincostello Thank you for the quick feedback. After looking through the docs you guys provided I was able to find my issue. It seems the way I was setting or passing my document was wrong. I just did the security requirement assignment based on the docs you provided @martincostello and it started working again.

Hopefully this post will help others in the future.

Once again, Thank you @xC0dex & @martincostello