Open Closed

How to enable Openiddict for multitenant #4404


User avatar
0
Rajasekhar created
  • ABP Framework version: v7.0.0
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

How to enable openiddict for multitenant.

I have replaced the source code instated of nugget package (openiddict). and modified the all entities for multitenant and permissions also changed to display the openiddict in tenant level menu Later I have created the one client application at tenant level.

While redirecting the my client application to openididct solutions it's showing error like, invalid client id. I am suspecting tenant not resolving at opendidict level. please help me in this part


15 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team

    hi

    First of all OpenIddict should not be designed to be multi-tenant.

    , invalid client id.

    Please check the log for error details.

  • User Avatar
    0
    Rajasekhar created

    I need that requirement, Please do you have any customization for enable tenant level ? Please help on this part. it will very helpful for me

  • User Avatar
    0
    maliming created
    Support Team

    hi

    you can give it a try. I think it will be no problem.

    invalid client id.

    Please check the log for error details.

  • User Avatar
    0
    Rajasekhar created

    Yes Sure. I have tried to enable tenant level openidict. I am able to see the openiddict applications at tenant level, but while trying to login I am getting invalid_client. if you required the sample I will send you

  • User Avatar
    0
    maliming created
    Support Team

    invalid client id.

    Please check the log for error details.

  • User Avatar
    0
    Anjaneyulu created

    HI @maliming, we have created a basic abp project. @ https://github.com/rajasekhard2015/demo

    Tried extending openid dict to tenant . Please check the commits to see what all changes we have made.

    We were able to add client and do authentication. but we are having issue for logout.

    Can you please help us. It very critical for our delivery.

  • User Avatar
    0
    maliming created
    Support Team

    hi

    Please make your repository PRIVATE

    https://github.com/maliming

    What are the steps to reproduce?

  • User Avatar
    0
    Rajasekhar created

    Done and invitation sent you id. will share you the reproducing steps

  • User Avatar
    0
    maliming created
    Support Team

    OK

  • User Avatar
    0
    Anjaneyulu created

    Steps:

    1. Run the demo server and login into application as host.
    2. Create a tenant
    3. Login into tenant page and add any openid client in the Openid applications
    4. You can also check our sample ebanking in the test folder in repository
    5. After adding an openid client in server, configure the client with the client,secret and default scopes.
    6. Try logging in to the openid client application.
    7. Try logout.
    8. It is not logging out. If you open the url again it is navigating to the main page with out asking login credentials.
  • User Avatar
    0
    maliming created
    Support Team

    hi

    AuthServer needs to resolve the current tenant.

    invalid client id.

    But the request doesn't contain tenant information, so it can't find the tenant's client

    Try to add the below code to demoWebModule.cs

    app.UseRouting();
    
    app.Use(async (httpContext, next) =>
    {
        TenantConfiguration tenant = null;
        try
        {
            tenant = await httpContext.RequestServices.GetRequiredService<ITenantConfigurationProvider>().GetAsync(saveResolveResult: true);
        }
        catch (Exception e)
        {
            await next(httpContext);
        }
    
        var tenantResolveResultAccessor = httpContext.RequestServices.GetRequiredService<ITenantResolveResultAccessor>();
        if (tenantResolveResultAccessor.Result.AppliedResolvers.Contains(QueryStringTenantResolveContributor.ContributorName))
        {
            var currentTenant = httpContext.RequestServices.GetRequiredService<ICurrentTenant>();
            if (tenant?.Id != currentTenant.Id)
            {
                using (currentTenant.Change(tenant?.Id, tenant?.Name))
                {
                    await next(httpContext);
                    return;
                }
            }
        }
    
        await next(httpContext);
    });
    
    app.UseAuthentication();
    app.UseAbpOpenIddictValidation();
    
    if (MultiTenancyConsts.IsEnabled)
    {
        app.UseMultiTenancy();
    }
    
  • User Avatar
    0
    Rajasekhar created

    I will check and let you know

  • User Avatar
    0
    maliming created
    Support Team

    hi

    Also add below code to your ebank project

    AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = "oidc";
        })
        .AddCookie(options =>
        {
            options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
            options.Cookie.Name = "ebanking2";
        })
        .AddOpenIdConnect("oidc", options =>
        {
            options.Authority = "https://localhost:44359/";
            options.RequireHttpsMetadata = true;
    
            //options.SignedOutRedirectUri = "";
    
            options.ClientId = "ebanking2";
            //options.ClientSecret = "test";
            options.Scope.Clear();
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");
            // options.Scope.Add("XSenseIdentity");
    
            options.SaveTokens = true;
    
            options.TokenValidationParameters = new TokenValidationParameters
            {
                NameClaimType = JwtClaimTypes.Name,
                RoleClaimType = JwtClaimTypes.Role,
            };
    
            options.Events.OnRedirectToIdentityProvider = redirectContext =>
            {
                redirectContext.ProtocolMessage.Parameters.Add("__tenant", "test");
                return Task.CompletedTask;
            };
        });
    
  • User Avatar
    0
    Rajasekhar created

    sure.. currently i am using domain based tenant resolver. i will add this one also for query based tenant resolver

  • User Avatar
    0
    Rajasekhar created

    Thanks for your valuable time with me.. Application working as per my requirement

    Thank you Soo Much.....👍👍👍👍👍👍👍👍

Made with ❤️ on ABP v8.2.0 Updated on February 19, 2024, 12:29