Yesterday I downloaded Microsoft Visual Studio 2026 and started updating the projects I am working on to .NET 10 and updating any NuGets.
I left these three NuGets to the last as I have had problems updating them before, and this time was no different. The updated NuGets “broke” my code because the way that security definitions and security requirements were implemented had changed.
These articles were the inspiration for my approach
- Microsoft.OpenAPI 2.0.0.0 has breaking changes
- Configuration and Customization of Swashbuckle.AspNetCore.SwaggerGen
- Version 2.0 does not work. Huge number of unresolved types. Have to remove it from our project
- Creating reference schema is not working
options.AddSecurityDefinition("X-API-Key", new OpenApiSecurityScheme
{
Description = "JWT Authorization header using the Bearer scheme. Example: \"Authorization: Bearer {token}\"",
Name = "Authorization",
In = ParameterLocation.Header,
Type = SecuritySchemeType.Http,
Scheme = "Bearer"
});
options.AddSecurityRequirement(document => new OpenApiSecurityRequirement
{
[new OpenApiSecuritySchemeReference("Bearer", document)] = [],
[new OpenApiSecuritySchemeReference("X-API-Key", document)] = []
});
});
Warning: make sure the schema etc. have same case so you don’t lose an hour from your life that you will never get back.
With the above updates the application would work but….
WithOpenApi was originally designed for minimal APIs to attach an OpenApiOperation to endpoint metadata so tools like Swashbuckle could consume it.
Deprecation of WithOpenApi extension method
However, starting with .NET 9, ASP.NET Core introduced native OpenAPI document generation via Microsoft.AspNetCore.OpenApi. This made WithOpenApi unnecessary because the new pipeline already supports operation customization through transformers.
app.MapGet("Version", () =>
{
return Results.Ok(typeof(Program).Assembly.GetName().Version?.ToString());
}).RequireAuthorization()
.WithName("Version")
.Produces<string>(StatusCodes.Status200OK)
.Produces(StatusCodes.Status401Unauthorized)
.AddOpenApiOperationTransformer((operation, context, ct) =>
{
// Per-endpoint tweaks
operation.Summary = "Returns version of the application";
operation.Description = "Returns the version of the application from project metadata.";
return Task.CompletedTask;
});
The new transformer API (AddOpenApiOperationTransformer) works directly with the built-in OpenAPI pipeline. It allows per-operation or global modifications without relying on third-party libraries.
devMobile's blog 