Swagger 刷新保留授权状态实现

使用 Cookie + 让认证框架直接读取 Cookie

调用 SigninToSwagger(token) 之后
所有接口请求自动带上 Token
不需要点 Swagger 授权
不需要 JS
不需要刷新
直接调用,直接成功,不再出现 401(前提是 Cookie 和 Token 都还在有效期内,Cookie 的有效期为 12 小时)

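public static class SwaggerAutoTokenExtensions
{
    /// <summary>
    /// Stores <paramref name="token"/> in the "Swagger.Auto.Token" response cookie so that
    /// later requests from the same browser carry it without any client-side code.
    /// </summary>
    /// <param name="httpContext">Current request context; the cookie is appended to its response.</param>
    /// <param name="token">Token to store. Nothing is written when it is null or empty.</param>
    /// <remarks>
    /// A cookie is an ambient credential: the browser attaches it to every matching request,
    /// not only to calls made from Swagger UI. If server code authenticates requests from this
    /// cookie, state-changing endpoints need CSRF protection; SameSite=Lax reduces the exposure
    /// but does not cover top-level cross-site GET navigations. Consider limiting this helper
    /// to development/test environments.
    /// </remarks>
    public static void SigninToSwagger(this HttpContext httpContext, string token)
    {
        if (string.IsNullOrEmpty(token))
        {
            return;
        }

        var cookieOptions = new CookieOptions
        {
            // Keeps the token out of reach of page scripts.
            HttpOnly = true,

            // Was hard-coded to false, which lets the bearer token travel over plain HTTP
            // even on HTTPS sites. Following the request scheme keeps local HTTP debugging
            // working while protecting HTTPS deployments.
            // NOTE(review): behind a TLS-terminating proxy IsHttps is only true when
            // forwarded headers are processed - confirm for your hosting setup.
            Secure = httpContext.Request.IsHttps,

            SameSite = SameSiteMode.Lax,

            // Fixed 12-hour cookie lifetime, independent of the token's own expiry.
            // UTC avoids any dependence on the server's local time zone.
            Expires = DateTimeOffset.UtcNow.AddHours(12)
        };

        httpContext.Response.Cookies.Append("Swagger.Auto.Token", token, cookieOptions);
    }
}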
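// Registers JWT bearer authentication as the default scheme and lets the handler
// fall back to the "Swagger.Auto.Token" cookie when a request has no Authorization header.
builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        options.TokenValidationParameters = new TokenValidationParameters
        {
            // NOTE(review): issuer and audience validation are switched on, but this snippet
            // sets no ValidIssuer / ValidAudience - confirm they are supplied, otherwise
            // token validation is expected to fail.
            ValidateIssuer = true,
            ValidateAudience = true,
            ValidateLifetime = true,
            ValidateIssuerSigningKey = true,

            // NOTE(review): placeholder literal. Do not ship a signing key in source; load it
            // from configuration or a secret store, and use a long, randomly generated value
            // because anyone who knows this key can mint valid tokens.
            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes("你的密钥"))
        };

        options.Events = new JwtBearerEvents
        {
            OnMessageReceived = context =>
            {
                // An explicit Authorization header takes precedence. Without this guard a
                // leftover cookie silently replaces the token the caller actually sent, so
                // the request runs under a different identity than the client intended.
                if (context.Request.Headers.ContainsKey("Authorization"))
                {
                    return Task.CompletedTask;
                }

                // Cookie fallback. The browser sends this cookie automatically, so every
                // endpoint behind this scheme becomes reachable with an ambient credential:
                // protect state-changing actions against CSRF.
                var cookieToken = context.Request.Cookies["Swagger.Auto.Token"];
                if (!string.IsNullOrEmpty(cookieToken))
                {
                    context.Token = cookieToken;
                }

                return Task.CompletedTask;
            }
        };
    });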
// Usage: call once after a token has been issued; it writes the token into the
// "Swagger.Auto.Token" response cookie. Presumably `HttpContext` is the controller's
// property and `token` the freshly created JWT - confirm at the call site.
HttpContext.SigninToSwagger(token);