No, only this pfx
file. and configure it in code.
public override void PreConfigureServices(ServiceConfigurationContext context)
{
var hostingEnvironment = context.Services.GetHostingEnvironment();
if (!hostingEnvironment.IsDevelopment())
{
PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
{
options.AddDevelopmentEncryptionAndSigningCertificate = false;
});
PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
{
serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx", "00000000-0000-0000-0000-000000000000");
});
}
}
hi
You can generate this file and copy it to your server.
> dotnet --info
.NET SDK:
Version: 8.0.301
Commit: 1a0e9c0300
Workload version: 8.0.300-manifests.011fccd5
MSBuild version: 17.10.4+10fbfbf2e
Runtime Environment:
OS Name: Mac OS X
OS Version: 14.5
OS Platform: Darwin
RID: osx-arm64
Base Path: /usr/local/share/dotnet/sdk/8.0.301/
.NET workloads installed:
[aspire]
Installation Source: SDK 8.0.300
Manifest Version: 8.0.1/8.0.100
Manifest Path: /usr/local/share/dotnet/sdk-manifests/8.0.100/microsoft.net.sdk.aspire/8.0.1/WorkloadManifest.json
Install Type: FileBased
Host:
Version: 8.0.6
Architecture: arm64
Commit: 3b8b000a0e
.NET SDKs installed:
8.0.301 [/usr/local/share/dotnet/sdk]
.NET runtimes installed:
Microsoft.AspNetCore.App 8.0.6 [/usr/local/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.6 [/usr/local/share/dotnet/shared/Microsoft.NETCore.App]
Other architectures found:
x64 [/usr/local/share/dotnet/x64]
registered at [/etc/dotnet/install_location_x64]
Environment variables:
Not set
global.json file:
Not found
Learn more:
https://aka.ms/dotnet/info
Download .NET:
https://aka.ms/dotnet/download
> dotnet dev-certs https -v -ep openiddict.pfx -p 00000000-0000-0000-0000-000000000000
[1] Listing certificates from CurrentUser\My
[2] Found certificates: 2 certificates
1) 8A29E32D03730B34A5C476AA01F36A769228667C - CN=localhost - Valid from 2023-08-20 13:35:18Z to 2024-08-19 13:35:18Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
2) ECF836904FA576A3765F42D3E43B6FA9AF73B914 - CN=localhost - Valid from 2023-07-23 20:50:54Z to 2024-07-22 20:50:54Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[3] Checking certificates validity
[4] Valid certificates: 2 certificates
1) 8A29E32D03730B34A5C476AA01F36A769228667C - CN=localhost - Valid from 2023-08-20 13:35:18Z to 2024-08-19 13:35:18Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
2) ECF836904FA576A3765F42D3E43B6FA9AF73B914 - CN=localhost - Valid from 2023-07-23 20:50:54Z to 2024-07-22 20:50:54Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[5] Invalid certificates: no certificates
[6] Finished listing certificates.
[1] Listing certificates from CurrentUser\My
[2] Found certificates: 2 certificates
1) 8A29E32D03730B34A5C476AA01F36A769228667C - CN=localhost - Valid from 2023-08-20 13:35:18Z to 2024-08-19 13:35:18Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
2) ECF836904FA576A3765F42D3E43B6FA9AF73B914 - CN=localhost - Valid from 2023-07-23 20:50:54Z to 2024-07-22 20:50:54Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[3] Checking certificates validity
[4] Valid certificates: 2 certificates
1) 8A29E32D03730B34A5C476AA01F36A769228667C - CN=localhost - Valid from 2023-08-20 13:35:18Z to 2024-08-19 13:35:18Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
2) ECF836904FA576A3765F42D3E43B6FA9AF73B914 - CN=localhost - Valid from 2023-07-23 20:50:54Z to 2024-07-22 20:50:54Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[5] Invalid certificates: no certificates
[6] Finished listing certificates.
[1] Listing certificates from LocalMachine\My
[2] Found certificates: no certificates
[3] Checking certificates validity
[4] Valid certificates: no certificates
[5] Invalid certificates: no certificates
[6] Finished listing certificates.
[8] Filtered certificates: 2 certificates
1) 8A29E32D03730B34A5C476AA01F36A769228667C - CN=localhost - Valid from 2023-08-20 13:35:18Z to 2024-08-19 13:35:18Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
2) ECF836904FA576A3765F42D3E43B6FA9AF73B914 - CN=localhost - Valid from 2023-07-23 20:50:54Z to 2024-07-22 20:50:54Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[9] Excluded certificates: no certificates
[14] Valid certificates: 2 certificates
1) 8A29E32D03730B34A5C476AA01F36A769228667C - CN=localhost - Valid from 2023-08-20 13:35:18Z to 2024-08-19 13:35:18Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
2) ECF836904FA576A3765F42D3E43B6FA9AF73B914 - CN=localhost - Valid from 2023-07-23 20:50:54Z to 2024-07-22 20:50:54Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[15] Selected certificate: ECF836904FA576A3765F42D3E43B6FA9AF73B914 - CN=localhost - Valid from 2023-07-23 20:50:54Z to 2024-07-22 20:50:54Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[23] Saving certificate 'ECF836904FA576A3765F42D3E43B6FA9AF73B914 - CN=localhost - Valid from 2023-07-23 20:50:54Z to 2024-07-22 20:50:54Z - IsHttpsDevelopmentCertificate: true - IsExportable: true' to openiddict.pfx with private key.
[27] Writing the certificate to: openiddict.pfx.
A valid HTTPS certificate is already present.
The certificate was exported to openiddict.pfx
hi
Please run this command on your development machine.
hi
Is it OK to disable the issuer validation on production?
I think it's ok.
https://github.com/abpframework/abp-samples/blob/master/DomainTenantResolver/OpenIddict/NG/angular/src/environments/environment.ts#L16
However, I now face an issue when trying to log in with the admin user to mydomain.com as a "superadmin". I end up in an infinite loop because the /connect/token endpoint responds with a 400 error:
{
"error": "invalid_grant",
"error_description": "The issuer associated to the specified token is not valid.",
"error_uri": "https://documentation.openiddict.com/errors/ID2088"
}
Can you share a access_token
in this error?
hi
AddDevelopmentEncryptionCertificate
Please use a pfx
certificate for the Production environment.
see https://docs.abp.io/en/abp/latest/Deployment/Configuring-OpenIddict#development-environment https://docs.abp.io/en/abp/latest/Deployment/Configuring-OpenIddict#production-environment
hi
The suite doesn't support bulk generating entities now
https://docs.abp.io/en/commercial/latest/abp-suite/generating-entities-from-an-existing-database-table.
hi
Its your project. Do you know how I can reproduce it locally?
hi
I can't get this error based on these codes. Can you share a simple project?
liming.ma@volosoft.com
https://wetransfer.com/