Swagger shows non-existing Auth endpoints

Is there a way not to show non-existing auth et al endpoints?


If you use SwaggerFeature you can use ApiDeclarationFilter to remove any of the endpoints defined by the service.

Plugins.Add(new SwaggerFeature {
  ApiDeclarationFilter = api => {
        api.Apis.RemoveAll(x => x.Path == "/auth" || x.Path == "/auth/{provider}"));

With OpenApi you can use the same filter, with little modification

Plugins.Add(new OpenApiFeature {
  ApiDeclarationFilter = api => {

more detailed info about filters you can find in OpenApiFeature documentation

By the way /auth endpoint exists in the services and used by AuthFeature plugin.

Thank you, this is most helpful.

For example, GET AssingRoles is not implemented but Swagger help is generated. These are the end points I am eager to hide.

  "ResponseStatus": {
    "ErrorCode": "NotImplementedException",
    "Message": "Could not find method named Get(AssignRoles) or Any(AssignRoles) on Service AssignRolesService",
    "StackTrace": "   at ServiceStack.Host.ServiceExec`1.Execute(IRequest request, Object instance, Object requestDto, String requestName)\r\n   at ServiceStack.Host.ServiceRequestExec`2.Execute(IRequest requestContext, Object instance, Object request)\r\n   at ServiceStack.Host.ServiceController.ManagedServiceExec(ServiceExecFn serviceExec, IService service, IRequest request, Object requestDto)\r\n   at ServiceStack.Host.ServiceController.<>c__DisplayClass36_0.<RegisterServiceExecutor>b__0(IRequest req, Object dto)\r\n   at ServiceStack.Host.ServiceController.Execute(Object requestDto, IRequest req)\r\n   at ServiceStack.HostContext.ExecuteService(Object request, IRequest httpReq)\r\n   at ServiceStack.Host.RestHandler.GetResponse(IRequest request, Object requestDto)\r\n   at ServiceStack.Host.RestHandler.<>c__DisplayClass13_1.<ProcessRequestAsync>b__0(Task t)\r\n   at ServiceStack.AsyncExtensions.Continue[TOut](Task task, Func`2 next)"

Do you use SwaggerFeature or OpenApiFeature plugin?

I have used the SwaggerFeature

Plugins.Add(new SwaggerFeature());

BTW you can hide Services from metadata by annotating Services with:

public class MyRequest {}

Which for built-in Services you can dynamically add them, e.g:

    .AddAttributes(new ExcludeAttribute(Feature.Metadata));

But you’ll need to register this before AppHost.Configure() is run, either in the AppHost Constructor or outside of AppHost before calling appHost.Init().

If you don’t need Assign/UnAssign Roles Services, you can remove them completely by setting IncludeAssignRoleServices = false, e.g:

Plugins.Add(new AuthFeature(() => new AuthUserSession()) {
    IncludeAssignRoleServices = false

PUT does not exist either. Is this some misconfiguration on my side?


No, it’s not misconfiguration. PUT is not implemented in Authenticate service, but it’s not annotated with ApplyTo enum in [Route] attribute to describe which methods are implemented and which are not. And this is why SwaggerFeature does not remove this verb from available operations. I’ll look what can be done here. But you still can remove this verb from API declaration using filters.