Microservice K8s deployment #3120

0

gterdem created 2 years ago

Support Team Senior .NET Developer

If is it about your local k8s cluster, you need to create self-signed certificate for your local machine. If it is about the production environment, you can use lets-encrypt as a cluster-issuer.

0

imranStem created 2 years ago

I have the certificate file and key and I created the secret from the certificate file. Still I ned to use lets encrypt?

I have installed cert-manager and lets-encrypt issuer and run following command.

kubectl get certificates -n churchpharmacy

and my certificate ready status is false.

0

gterdem created 2 years ago

Support Team Senior .NET Developer

You can check eShopOnAbp k8s readme that has information about how to create self-signed certificate.

Also, you can find faster and better information on StackOverflow since this is out of ABP's scope.

0

imranStem created 2 years ago

I have fixed the certificate issue. All gateway, auth server, and services running except administration microservice. Getting the following error on administration microservice.

  [11:00:32 INF] Request starting HTTP/1.1 GET http://administration-service-v1.mydomain.com/ - -

[11:00:33 ERR] Connection id "0HMHTEIFHUIB3", Request id "0HMHTEIFHUIB3:00000002": An unhandled exception was thrown by the application. Autofac.Core.DependencyResolutionException: An exception was thrown while activating Swashbuckle.AspNetCore.SwaggerGen.SwaggerGenerator -> λ:Swashbuckle.AspNetCore.SwaggerGen.SwaggerGeneratorOptions -> Microsoft.Extensions.Options.UnnamedOptionsManager1[[Swashbuckle.AspNetCore.SwaggerGen.SwaggerGeneratorOptions, Swashbuckle.AspNetCore.SwaggerGen, Version=6.2.1.0, Culture=neutral, PublicKeyToken=d84d99fb0135530a]] -> Microsoft.Extensions.Options.OptionsFactory1[[Swashbuckle.AspNetCore.SwaggerGen.SwaggerGeneratorOptions, Swashbuckle.AspNetCore.SwaggerGen, Version=6.2.1.0, Culture=neutral, PublicKeyToken=d84d99fb0135530a]] -> λ:Microsoft.Extensions.Options.IConfigureOptions1[[Swashbuckle.AspNetCore.SwaggerGen.SwaggerGeneratorOptions, Swashbuckle.AspNetCore.SwaggerGen, Version=6.2.1.0, Culture=neutral, PublicKeyToken=d84d99fb0135530a]][] -> Swashbuckle.AspNetCore.SwaggerGen.ConfigureSwaggerGeneratorOptions. ---> Autofac.Core.DependencyResolutionException: An exception was thrown while invoking the constructor 'Void .ctor(Microsoft.Extensions.Options.IOptions1[Swashbuckle.AspNetCore.SwaggerGen.SwaggerGenOptions], System.IServiceProvider, Microsoft.AspNetCore.Hosting.IWebHostEnvironment)' on type 'ConfigureSwaggerGeneratorOptions'. ---> System.UriFormatException: Invalid URI: The format of the URI could not be determined. at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind, UriCreationOptions& creationOptions) at System.Uri..ctor(String uriString) at Microsoft.Extensions.DependencyInjection.AbpSwaggerGenServiceCollectionExtensions.<>c__DisplayClass1_0.<AddAbpSwaggerGenWithOAuth>b__0(SwaggerGenOptions options) at Microsoft.Extensions.Options.ConfigureNamedOptions1.Configure(String name, TOptions options) at Microsoft.Extensions.Options.OptionsFactory1.Create(String name) at Microsoft.Extensions.Options.UnnamedOptionsManager1.get_Value() at lambda_method3(Closure , Object[] ) at Autofac.Core.Activators.Reflection.BoundConstructor.Instantiate() --- End of inner exception stack trace --- at Autofac.Core.Activators.Reflection.BoundConstructor.Instantiate() at Autofac.Core.Activators.Reflection.ReflectionActivator.ActivateInstance(IComponentContext context, IEnumerable1 parameters) at Autofac.Core.Activators.Reflection.ReflectionActivator.<ConfigurePipeline>b__11_0(ResolveRequestContext ctxt, Action1 next) at Autofac.Core.Resolving.Middleware.DelegateMiddleware.Execute(ResolveRequestContext context, Action1 next) at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext ctxt) at Autofac.Core.Resolving.Middleware.DisposalTrackingMiddleware.Execute(ResolveRequestContext context, Action1 next) at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext ctxt) at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action1 next) --- End of inner exception stack trace --- at Autofac.Core.Resolving.Middleware.ActivatorErrorHandlingMiddleware.Execute(ResolveRequestContext context, Action1 next) at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext ctxt) at Autofac.Core.Pipeline.ResolvePipeline.Invoke(ResolveRequestContext ctxt) at Autofac.Core.Resolving.Middleware.RegistrationPipelineInvokeMiddleware.Execute(ResolveRequestContext context, Action1 next) at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext ctxt) at Autofac.Core.Resolving.Middleware.SharingMiddleware.Execute(ResolveRequestContext context, Action1 next) at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext ctxt) at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext ctxt) at Autofac.Core.Resolving.Middleware.CircularDependencyDetectorMiddleware.Execute(ResolveRequestContext context, Action1 next) at Autofac.Core.Resolving.Pipeline.ResolvePipelineBuilder.<>c__DisplayClass14_0.<BuildPipeline>b__1(ResolveRequestContext ctxt) at Autofac.Core.Pipeline.ResolvePipeline.Invoke(ResolveRequestContext ctxt) at Autofac.Core.Resolving.ResolveOperation.GetOrCreateInstance(ISharingLifetimeScope currentOperationScope, ResolveRequest request) at Autofac.Core.Resolving.ResolveOperation.ExecuteOperation(ResolveRequest request) at Autofac.Core.Resolving.ResolveOperation.Execute(ResolveRequest request) at Autofac.Core.Lifetime.LifetimeScope.ResolveComponent(ResolveRequest request)

I have the following configuration in the administration microservice.

{ "App": { "SelfUrl": "https://administration-service-v1.mydomain.com", "CorsOrigins": "https://*.mydomain.com,http://*.mydomain.com" }, "AuthServer": { "Authority": "http://auth-server-v1.mydomain.com", "RequireHttpsMetadata": "false", "SwaggerClientId": "WebGateway_Swagger", "SwaggerClientSecret": "1q2w3e*" }, "RemoteServices": { "AbpIdentity": { "BaseUrl": "https://identity-service-v1.mydomain.com/", "UseCurrentAccessToken": "false" } }, "IdentityClients": { "Default": { "GrantType": "client_credentials", "ClientId": "ChurchPharmacy_AdministrationService", "ClientSecret": "1q2w3e*", "Authority": "https://auth-server-v1.mydomain.com", "Scope": "IdentityService" } }, "Logging": { "LogLevel": { "Default": "Information", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" } }, "AllowedHosts": "*", "ConnectionStrings": { "AdministrationService": "-", "SaasService": "-" }, "StringEncryption": { "DefaultPassPhrase": "3VCRVu2hISrQLlgo" }, "Redis": { "Configuration": "localhost:6379" }, "ElasticSearch": { "Url": "http://localhost:9200" }, "Settings": { "Volo.Abp.LeptonTheme.Style": "Style6", "Volo.Abp.LeptonTheme.Style.PublicLayout": "Style5" } }

I also want to share the domain URLs with you so you can check your side as well and you can give me proper solutions.

As you notice in the above configuration, I have set the authority without HTTPS so when I check the authorized api with swagger, its not working.

0

gterdem created 2 years ago

Support Team Senior .NET Developer

{ "App": { "SelfUrl": "https://administration-service-v1.mydomain.com", "CorsOrigins": "https://.mydomain.com,http://.mydomain.com" }, "AuthServer": { "Authority": "http://auth-server-v1.mydomain.com", "RequireHttpsMetadata": "false", "SwaggerClientId": "WebGateway_Swagger", "SwaggerClientSecret": "1q2w3e*" }, "RemoteServices": { "AbpIdentity": { "BaseUrl": "https://identity-service-v1.mydomain.com/", "UseCurrentAccessToken": "false" } }, "IdentityClients": { "Default": { "GrantType": "client_credentials", "ClientId": "ChurchPharmacy_AdministrationService", "ClientSecret": "1q2w3e*", "Authority": "https://auth-server-v1.mydomain.com", "Scope": "IdentityService" } }, "Logging": { "LogLevel": { "Default": "Information", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" } }, "AllowedHosts": "*", "ConnectionStrings": { "AdministrationService": "-", "SaasService": "-" }, "StringEncryption": { "DefaultPassPhrase": "3VCRVu2hISrQLlgo" }, "Redis": { "Configuration": "localhost:6379" }, "ElasticSearch": { "Url": "http://localhost:9200" }, "Settings": { "Volo.Abp.LeptonTheme.Style": "Style6", "Volo.Abp.LeptonTheme.Style.PublicLayout": "Style5" } }

These settings are obsolete since they are getting overridden by Kubernetes. Can you check helm chart Values?

0

imranStem created 2 years ago

The swagger issue is fixed. Now I have an authority issue.

If I use the https then I am getting the following error.

[12:27:43 INF] Request starting HTTP/1.1 GET http://saas-service-v1.mydomain.com/api/abp/api-definition - - [12:27:44 ERR] Exception occurred while processing message. System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://auth-server-v1.mydomain.com/. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://auth-server-v1.mydomain.com/'. ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch at System.Net.Security.SslStream.SendAuthResetSignal(ProtocolToken message, ExceptionDispatchInfo exception) at System.Net.Security.SslStream.CompleteHandshake(SslAuthenticationOptions sslAuthenticationOptions) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request) at System.Threading.Tasks.TaskCompletionSourceWithCancellation1.WaitWithCancellationAsync(CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) --- End of inner exception stack trace --- at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel) at Microsoft.IdentityModel.Protocols.ConfigurationManager1.GetConfigurationAsync(CancellationToken cancel) --- End of inner exception stack trace ---

and If I use the http with RequireHttpsMetadata false then I am not able to login, swagger throw below exception.

0

gterdem created 2 years ago

Support Team Senior .NET Developer

System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'https://auth-server-v1.mydomain.com/. ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'https://auth-server-v1.mydomain.com/'. ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure: RemoteCertificateNameMismatch

You need to reach authserver using HTTP when trying to communicate internally. So, you can try using http://auth-server-v1.mydomain.com

0

imranStem created 2 years ago

I checked with http as well but I am getting following error in swagger when try to authorise.

Can you please provide your email so I can share all domain details with you?

0

imranStem created 2 years ago

The web gate has the following error logs. [13:52:15 INF] Request starting HTTP/1.1 GET http://web-gateway-v1.mydomain.com/api/abp/application-configuration - - [13:52:15 INF] CORS policy execution successful. [13:52:15 INF] requestId: 0HMHTGPHDTLLU:00000002, previousRequestId: no previous request id, message: EndpointRateLimiting is not enabled for /api/abp/{everything} [13:52:15 INF] requestId: 0HMHTGPHDTLLU:00000002, previousRequestId: no previous request id, message: No authentication needed for /api/abp/application-configuration [13:52:15 INF] requestId: 0HMHTGPHDTLLU:00000002, previousRequestId: no previous request id, message: /api/abp/{everything} route does not require user to be authorized [13:52:15 WRN] requestId: 0HMHTGPHDTLLU:00000002, previousRequestId: no previous request id, message: Error Code: ConnectionToDownstreamServiceError Message: Error connecting to downstream service, exception: System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.IO.IOException: Cannot determine the frame size or a corrupted frame was received. at System.Net.Security.SslStream.GetFrameSize(ReadOnlySpan1 buffer) at System.Net.Security.SslStream.ReceiveBlobAsync[TIOAdapter](TIOAdapter adapter) at System.Net.Security.SslStream.ForceAuthenticationAsync[TIOAdapter](TIOAdapter adapter, Boolean receiveFirst, Byte[] reAuthenticationData, Boolean isApm) at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) --- End of inner exception stack trace --- at System.Net.Http.ConnectHelper.EstablishSslConnectionAsync(SslClientAuthenticationOptions sslOptions, HttpRequestMessage request, Boolean async, Stream stream, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.AddHttp11ConnectionAsync(HttpRequestMessage request) at System.Threading.Tasks.TaskCompletionSourceWithCancellation1.WaitWithCancellationAsync(CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.GetHttp11ConnectionAsync(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpConnectionPool.SendWithVersionDetectionAndRetryAsync(HttpRequestMessage request, Boolean async, Boolean doRequestAuth, CancellationToken cancellationToken) at System.Net.Http.DiagnosticsHandler.SendAsyncCore(HttpRequestMessage request, Boolean async, CancellationToken cancellationToken) at System.Net.Http.HttpClient.<SendAsync>g__Core|83_0(HttpRequestMessage request, HttpCompletionOption completionOption, CancellationTokenSource cts, Boolean disposeCts, CancellationTokenSource pendingRequestsCts, CancellationToken originalCancellationToken) at Ocelot.Requester.HttpClientHttpRequester.GetResponse(HttpContext httpContext) errors found in ResponderMiddleware. Setting error response for request path:/api/abp/application-configuration, request method: GET [13:52:15 INF] Request finished HTTP/1.1 GET http://web-gateway-v1.mydomain.com/api/abp/application-configuration - - - 502 0 - 34.2504ms

0

gterdem created 2 years ago

Support Team Senior .NET Developer

I checked with http as well but I am getting following error in swagger when try to authorise.

Can you please provide your email so I can share all domain details with you?

Sure, please email to info@abp.io

SSL connection could not be established, see inner exception. ---> System.IO.IOException: Cannot determine the frame size or a corrupted frame was received.

It seems you are re-routing to HTTPS in a gateway. This is an internal network. The request should be redirected to a microservice hosted pod/container using HTTP (port 80 instead of 443).

0

imranStem created 2 years ago

I have sent an email with the details.

As I deployed microservices on Kubernetes, Do I need to follow Kubernetes ocelot configuration as per below?

https://ocelot.readthedocs.io/en/latest/features/kubernetes.html

0

imranStem created 2 years ago

I have changed the ocelot values in config map with the service's endpoint address and the above issue is fixed but is this the correct configuration to use the service endpoint instead of the domain URL in the production?

0

gterdem created 2 years ago

Support Team Senior .NET Developer

I have changed the ocelot values in config map with the service's endpoint address and the above issue is fixed but is this the correct configuration to use the service endpoint instead of the domain URL in the production?

Yes, api gateway should re-route to internal network instead of over-internet.

0

imranStem created 2 years ago

All the configurations are done. Now when I try to log in with auth server, the login successfully done but it's not authenticated on the angular website.

administration log

[07:08:41 INF] Request starting HTTP/1.1 GET http://my-company-administration-service-v1.company-staging.svc.cluster.local/api/abp/application-configuration - 0 [07:08:41 INF] CORS policy execution successful. [07:08:41 INF] CORS policy execution successful. [07:08:41 INF] Failed to validate the token. Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10205: Issuer validation failed. Issuer: 'https://auth-server-v1.mydomain.com'. Did not match: validationParameters.ValidIssuer: 'null' or validationParameters.ValidIssuers: 'http://auth-server-v1.mydomain.com'. at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateIssuer(String issuer, JwtSecurityToken jwtToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateTokenPayload(JwtSecurityToken jwtToken, TokenValidationParameters validationParameters) at System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler.ValidateToken(String token, TokenValidationParameters validationParameters, SecurityToken& validatedToken) at Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler.HandleAuthenticateAsync() [07:08:41 INF] Bearer was not authenticated. Failure message: IDX10205: Issuer validation failed. Issuer: 'https://auth-server-v1.mydomain.com'. Did not match: validationParameters.ValidIssuer: 'null' or validationParameters.ValidIssuers: 'http://auth-server-v1.mydomain.com'. [07:08:41 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [07:08:41 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc). [07:08:41 WRN] The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'. [07:08:41 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'. [07:08:41 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 108.1989ms [07:08:41 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [07:08:41 INF] Request finished HTTP/1.1 GET http://company-staging-administration-service-v1.company-staging.svc.cluster.local/api/abp/application-configuration - 0 - 200

0

gterdem created 2 years ago

Support Team Senior .NET Developer

As I deployed microservices on Kubernetes, Do I need to follow Kubernetes ocelot configuration as per below? https://ocelot.readthedocs.io/en/latest/features/kubernetes.html

Did you use the ocelot kubernetes library? It shouldn't be necessary.

[07:08:41 INF] Failed to validate the token. Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10205: Issuer validation failed. Issuer: 'https://auth-server-v1.order-line.co.uk'. Did not match: validationParameters.ValidIssuer: 'null' or validationParameters.ValidIssuers: 'http://auth-server-v1.order-line.co.uk'. at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters)

It happens because the issuer is automatically set by the request. Set issuer to fix this problem In AuthServerModule.cs as follows:

Configure<IdentityServerOptions>(options => 
{ 
    options.IssuerUri = configuration["App:SelfUrl"];
});

Assuming you override App:SelfUrl with https://auth-server-v1.order-line.co.uk

0

imranStem created 2 years ago

Ok, The issuer issue is fixed. Now getting below error in auth server logs.

[09:37:16 INF] CORS policy execution successful. [09:37:16 INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token [09:37:16 INF] {"ClientId": "ChurchPharmacy_Angular", "AuthenticationMethod": "NoSecret", "Category": "Authentication", "Name": "Client Authentication Success", "EventType": "Success", "Id": 1010, "Message": null, "ActivityId": "0HMHUVCU8Q8EE:00000005", "TimeStamp": "2022-05-26T09:37:16.0000000Z", "ProcessId": 1, "LocalIpAddress": "::ffff:10.244.0.167:80", "RemoteIpAddress": "27.109.16.210", "$type": "ClientAuthenticationSuccessEvent"} [09:37:16 ERR] Client not authorized for resource owner flow, check the AllowedGrantTypes setting{"client_id": "ChurchPharmacy_Angular"}, details: {"ClientId": "ChurchPharmacy_Angular", "ClientName": "ChurchPharmacy_Angular", "GrantType": "password", "Scopes": null, "AuthorizationCode": "", "RefreshToken": "", "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "password", "scope": "offline_access openid profile email phone AccountService IdentityService AdministrationService SaasService ProductService", "client_id": "ChurchPharmacy_Angular", "username": "admin", "password": "REDACTED"}, "$type": "TokenRequestValidationLog"} [09:37:16 INF] {"ClientId": "ChurchPharmacy_Angular", "ClientName": "ChurchPharmacy_Angular", "RedirectUri": null, "Endpoint": "Token", "SubjectId": null, "Scopes": null, "GrantType": "password", "Error": "unauthorized_client", "ErrorDescription": null, "Category": "Token", "Name": "Token Issued Failure", "EventType": "Failure", "Id": 2001, "Message": null, "ActivityId": "0HMHUVCU8Q8EE:00000005", "TimeStamp": "2022-05-26T09:37:16.0000000Z", "ProcessId": 1, "LocalIpAddress": "::ffff:10.244.0.167:80", "RemoteIpAddress": "27.109.16.210", "$type": "TokenIssuedFailureEvent"} [09:37:16 INF] Request finished HTTP/1.1 POST http://auth-server-v1.mydomain.com/connect/token application/x-www-form-urlencoded 230 - 400 - application/json;+charset=UTF-8 41.5066ms

I have the below configuration in angular.

const oAuthConfig = {
  issuer: 'https://auth-server-v1.mydomain.com',
  clientId: 'ChurchPharmacy_Angular',
  scope:
    'offline_access openid profile email phone AccountService IdentityService AdministrationService SaasService ProductService'
};

0

imranStem created 2 years ago

The above issue is fixed. Thanks for your support.

17 Answer(s)