.Net Core 3.1, NSwag, and Auth0

Just a quick one, mostly a note to future self and anyone else struggling with what should be a simple setup of these three.

Setting up your app to accept the JWT tokens

Add the services;

services.AddAuthentication(options =>
                options.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme;
                options.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme;
            }).AddJwtBearer(options =>
                options.Authority = $"https://{Configuration["Auth0:Authority"]}/";
                options.Audience = Configuration["Auth0:Audience"];

And add it to the pipeline;


Setting up NSwag so it lets you authenticate and handles the attaching the token

services.AddOpenApiDocument(c =>
                c.AddSecurity("oauth2", Enumerable.Empty<string>(), new OpenApiSecurityScheme
                    Type = OpenApiSecuritySchemeType.OAuth2,
                    Description = "Auth0 Auth",
                    Flow = OpenApiOAuth2Flow.Implicit,
                    Flows = new OpenApiOAuthFlows()
                        Implicit = new OpenApiOAuthFlow()
                            AuthorizationUrl = $"https://{Configuration["Auth0:Authority"]}/authorize?audience=whatever",
                            TokenUrl = $"https://{Configuration["Auth0:Authority"]}",

Please note the fact I have appended an audience to the url. If you do not do this Auth0 will give you back an opaque token and not a JWT. This is super annoying as it's not mentioned anywhere in their docs about access tokens. Nor is it mentioned in this top google result in their community forums. I finally found the solution on another post with a dead link to their documentation. Yes, this was super frustrating. In fact this is what has inspired this blog note.