Yes, the url change was the root cause. An nginx config change resolved the issue.
I believe that I found the issue. The problem was that we weren't handling www.mydomain.com vs mydomain.com correctly.
Some users were entering www.mydomain.com and others were using mydomain.com. The front end had the URL entered by the user, while the backend was using mydomain.com. The mismatch caused an issue for the frontend after the redirect because it wasn't finding the values in localstorage using www.mydomain.com. i.e.) if the user enters mydomain.com it works, and if the user enters www.mydomain.com it generates the reported console error on the first attempt.
I have created a rule in nginx.conf to redirect www.mydomain.com to mydomain.com and it is now working. Please leave this ticket open for a few days until QA has approved the fix.
Typescript is reporting: Error: src/app/home/home.component.ts:216:22 - error TS2339: Property 'oidc' does not exist on type 'AuthService'.
216 this.authService.oidc = false; ~~~~
I tried adding oidc: false to const oAuthConfig = { }, but still the same issue. The angular-oauth2-oidc library reports that the oidc configuration parameter only effects implicit grant. I am using auth code grant.
https://manfredsteyer.github.io/angular-oauth2-oidc/docs/classes/AuthConfig.html#oidc Public Optional oidc Default value : true Defined in projects/lib/src/auth.config.ts:43 Defines whether to use OpenId Connect during implicit flow.
Please let me know if you have any other ideas.
{ "name": "REDACTED", "version": "0.0.0", "scripts": { "ng": "ng", "start": "ng serve --open", "build": "ng build", "build:local": "ng build --configuration local", "build:prod": "ng build --configuration production", "build:staging": "ng build --configuration staging", "watch": "ng build --watch --configuration development", "test": "ng test", "lint": "ng lint" }, "private": true, "dependencies": { "@abp/ng.components": "~8.0.4", "@abp/ng.core": "~8.0.4", "@abp/ng.oauth": "~8.0.4", "@abp/ng.setting-management": "~8.0.4", "@abp/ng.theme.shared": "~8.0.4", "@angular/animations": "~17.0.0", "@angular/common": "~17.0.0", "@angular/compiler": "~17.0.0", "@angular/core": "~17.0.0", "@angular/forms": "~17.0.0", "@angular/localize": "~17.0.0", "@angular/platform-browser": "~17.0.0", "@angular/platform-browser-dynamic": "~17.0.0", "@angular/router": "~17.0.0", "@angular/service-worker": "~17.0.0", "@ng-bootstrap/ng-bootstrap": "16.0.0", "@popperjs/core": "^2.11.6", "@stripe/stripe-js": "^2.1.7", "@volo/abp.commercial.ng.ui": "~8.0.4", "@volo/abp.ng.account": "~8.0.4", "@volo/abp.ng.audit-logging": "~8.0.4", "@volo/abp.ng.file-management": "~8.0.4", "@volo/abp.ng.gdpr": "~8.0.4", "@volo/abp.ng.identity": "~8.0.4", "@volo/abp.ng.language-management": "~8.0.4", "@volo/abp.ng.openiddictpro": "~8.0.4", "@volo/abp.ng.saas": "~8.0.4", "@volo/abp.ng.text-template-management": "~8.0.4", "@volo/ngx-lepton-x.core": "~3.0.4", "@volosoft/abp.ng.theme.lepton-x": "~3.0.1", "dxf-parser": "^1.1.2", "ngx-stripe": "17.0.1", "pdfmake": "^0.2.9", "qrcode": "1.5.3", "rxjs": "7.8.1", "ts-node": "^10.9.1", "tslib": "^2.1.0", "zone.js": "~0.14.0" }, "devDependencies": { "@abp/ng.schematics": "~8.0.4", "@angular-devkit/build-angular": "~17.0.0", "@angular-devkit/core": "~17.0.0", "@angular-devkit/schematics": "~17.0.0", "@angular-eslint/builder": "~17.0.0", "@angular-eslint/eslint-plugin": "~17.0.0", "@angular-eslint/eslint-plugin-template": "~17.0.0", "@angular-eslint/schematics": "~17.0.0", "@angular-eslint/template-parser": "~17.0.0", "@angular/cli": "~17.0.0", "@angular/compiler-cli": "~17.0.0", "@angular/language-service": "~17.0.0", "@schematics/angular": "~17.0.0", "@types/jasmine": "~3.6.0", "@types/node": "^12.11.1", "@typescript-eslint/eslint-plugin": "6.9.1", "@typescript-eslint/parser": "6.9.1", "eslint": "^8.23.0", "jasmine-core": "~4.0.0", "karma": "~6.3.0", "karma-chrome-launcher": "~3.1.0", "karma-coverage": "~2.1.0", "karma-jasmine": "~4.0.0", "karma-jasmine-html-reporter": "^1.7.0", "ng-packagr": "^17.0.0", "typescript": "~5.2.0" } }
Hello,
We have added a Sign In button to the nav menu and call navigateToLogin() to redirect to the standard login page:
this.navItems.addItems([{
id: 'SignInIcon',
html: '<a class="menu-item"><i class="fas fa-sign-in-alt text-white m-3"></i>Sign In</a>',
name: 'AbpAccount::Sign In',
action: () => this.authService.navigateToLogin(),
order: 0
}]);
This works well EXCEPT it sometimes fails for first time users. First time users, often have to click Sign In twice, once to be redirected to the login page and a second time after entering the password and clicking Login. If the user is authenticated (this.authService.isAuthenticated), we remove the Sign In button and add a Sign Out button, but in the case of this error the user is not authenticated and the Sign in button remains.
The browser console shows the error in this instance: "Validating access_token failed, wrong state/nonce." If I click on the error, the source is : validateNonce(ie) { let te; return te = this.saveNoncesInLocalStorage && typeof window.localStorage < "u" ? localStorage.getItem("nonce") : this._storage.getItem("nonce"), te === ie || (console.error("Validating access_token failed, wrong state/nonce.", te, ie), !1) }
The issue is not always reproducible and it seems to be related to these references: https://github.com/manfredsteyer/angular-oauth2-oidc/issues/728 https://github.com/abpframework/abp/issues/16955
Note:
Is there an issue with using navigateToLogin in the way we are using it?
Is there a way to disable the nonce check?
I see that angular-oauth2-oidc supports disabling nonce but not sure how I would do that in ABP (if that's the only option):
https://manfredsteyer.github.io/angular-oauth2-oidc/docs/classes/LoginOptions.html#disableNonceCheck
This is becoming a major issue for users.
My Auth.Config is standard: const oAuthConfig = { issuer: 'REDACTED', redirectUri: baseUrl, clientId: 'REDACTED', responseType: 'code', scope: 'offline_access REDACTED', requireHttps: true, }; I'm using embedded (ABP) OpenIddict on the server.
Can I post ABP commercial source code here or should I email?
A quick update. I am still getting the JS console error listed above, but I am able to register the user now.
I had originally overridden protected override async Task<IdentityUser> RegisterLocalUserAsync() with the community source code. I just replaced the community source code with the commercial source code (which has captcha support) and am able to register the user. This is the only method that I had to override in class CustomRegisterModel : RegisterModel.
I am still interested in knowing what is causing the *Browser Console Error: ReCAPTCHA couldn't find user-provided function: (function(){$('#g-recaptcha-response').val(token)}). The Register.cshtml was taken verbatim from commercial source and only the @model was updated.
Hello,
The Show Password feature on Login and Register pages does not display the password. The eye-slash icon disappears and the password remains obscured (****). The issue occurs in a new solution created using ABP Suite v8.0.3. Is the new password complexity feature interfering with show password?
Hello,
I wanted to improve model validation during user registration (e.g. set a regex for Username). I copied the Register.cshtml into HttpApi.Host/Pages/Account and changed @model to use my custom model. All field validations are working, password complexity is working, reCAPTCHA allows me to click the check box (I'm not a robot) but immediately displays an error: ReCAPTCHA couldn't find user-provided function: (function(){$('#g-recaptcha-response').val(token)})
I am using ReCAPTCHAv2 and the Register.cshtml changes are limited to @model.
_ViewImports.cshtml in the same directory has: @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers @addTagHelper *, Volo.Abp.AspNetCore.Mvc.UI @addTagHelper *, Volo.Abp.AspNetCore.Mvc.UI.Bootstrap @addTagHelper *, Volo.Abp.AspNetCore.Mvc.UI.Bundling @addTagHelper *, Owl.reCAPTCHA
Please let me know if there is anything else I can check.
Thanks, Matt
Hi, I just tried calling the application-configuration endpoint from postman before and after a role change, but the auth / grantedPolicies are not changing. I'm running ABP 8.0.2 commercial.
"auth": { "grantedPolicies": { }
If I restart HttpApi.Host, the grantedPolicies are updated.
I followed the instructions to upgrade my code in XXXHttpApiHostModule.cs: private void ConfigureAuthentication(ServiceConfigurationContext context) { context.Services.ForwardIdentityAuthenticationForBearer(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme); // Enable dynamic claims context.Services.Configure<AbpClaimsPrincipalFactoryOptions>(options => { options.IsDynamicClaimsEnabled = true; //options.RemoteRefreshUrl = configuration["AuthServerUrl"] + options.RemoteRefreshUrl; }); }
... app.UseUnitOfWork(); app.UseDynamicClaims(); app.UseAuthorization();
Please advise.
On the server, I change the user's role based on their subscription status. Here is the code: var user = await _identityUserManager.GetByIdAsync(sub.CreatorId!.Value); await _identityUserManager.SetRolesAsync(user, GUEST); Note: _identityUserManager is Volo.Abp.Identity.IdentityUserManager
As indicated, the role change was not taking effect unless I restart the HttpApi.Host. I originally thought it was caching and tried setting a short SlidingExpiration for GlobalCacheEntryOptions with no luck.
I was only able to get this to work for my use case by updating the security timestamp on the user to reset all tokens/sessions. await _identityUserManager.UpdateSecurityStampAsync(user); Fortunately, this fixes the issue without requiring the user to log out and log in.
I am happy to have this working, but Is this the correct approach?