Open Closed

Multiple applications shared the same Identity Server #703


User avatar
-1
nhontran created

Hi, is it possible to have a shared Identity Server for multiple applications? I have tried to create 2 application with app-pro template as below

  • ABP Framework version: v3.3.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Seperated (Angular): yes

I have removed the Identity Server in one application and updated the Angular UI to point to the shared Identity Server, I already created a new client in the shared Identity Server. However, I am not able to login successul, it managed to get the token but dashboard still show login button, I suspected it due to no claims:

[12:14:21 DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.

Below is the log content:

[12:14:21 INF] Token request validation success, {"ClientId": "App_UI", "ClientName": "App_UI", "GrantType": "authorization_code", "Scopes": null, "AuthorizationCode": "O345sXye9QaFRc8RPs-Bs3MxRLDX_kdqkjiymvtcX8o", "RefreshToken": null, "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "authorization_code", "code": "O345sXye9QaFRc8RPs-Bs3MxRLDX_kdqkjiymvtcX8o", "redirect_uri": "http://localhost:4200", "code_verifier": "N1VsY3FSSmhsRXlMYVY4R0pjajRXN3FTOWJMdmFvTmF3SW9xNURIUUQ3dWFZ", "client_id": "App_UI"}, "$type": "TokenRequestValidationLog"} [12:14:21 DBG] client configuration validation for client App_UI succeeded. [12:14:21 DBG] Getting claims for access token for client: App_UI [12:14:21 DBG] Getting claims for access token for subject: 50d71d93-636f-f84d-d2c1-39f97c701cbe [12:14:21 DBG] Creating refresh token [12:14:21 DBG] Setting an absolute lifetime: 2592000 [12:14:21 DBG] client configuration validation for client App_UI succeeded. [12:14:21 DBG] Getting claims for identity token for subject: 50d71d93-636f-f84d-d2c1-39f97c701cbe and client: App_UI [12:14:21 DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration. [12:14:21 INF] {"ClientId": "App_UI", "ClientName": "App_UI", "RedirectUri": null, "Endpoint": "Token", "SubjectId": "50d71d93-636f-f84d-d2c1-39f97c701cbe", "Scopes": "openid App_UI offline_access", "GrantType": "authorization_code", "Tokens": [{"TokenType": "id_token", "TokenValue": "****8QnQ", "$type": "Token"}, {"TokenType": "refresh_token", "TokenValue": "****0m14", "$type": "Token"}, {"TokenType": "access_token", "TokenValue": "****N8rQ", "$type": "Token"}], "Category": "Token", "Name": "Token Issued Success", "EventType": "Success", "Id": 2000, "Message": null, "ActivityId": "80000095-0001-f700-b63f-84710c7967bb", "TimeStamp": "2020-12-18T04:14:21.0000000Z", "ProcessId": 23956, "LocalIpAddress": "::1:44306", "RemoteIpAddress": "::1", "$type": "TokenIssuedSuccessEvent"} [12:14:21 DBG] Token request success. [12:14:21 INF] Request finished in 148.3784ms 200 application/json; charset=UTF-8

Is it the correct way? please advise.


2 Answer(s)
  • User Avatar
    0
    alper created
    Support Team Director

    it looks like misconfiguration of Identity Server. Did you add clients to the Identity Server tables in database? also check the other tables because out of the box it's configured for your main web project.

  • User Avatar
    0
    nhontran created

    Hi @alper, I have found the root cause, I forgot to update the "audience" in HttpApi.Host project. Thanks

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11