
Multiple applications shared the same Identity Server #703


-1
nhontran created

Hi, is it possible to have a shared Identity Server for multiple applications? I have tried to create 2 applications with the app-pro template as below:

  • ABP Framework version: v3.3.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes

I have removed the Identity Server in one application and updated the Angular UI to point to the shared Identity Server. I already created a new client in the shared Identity Server. However, I am not able to log in successfully: it managed to get the token, but the dashboard still shows the login button. I suspected it was due to no claims:

[12:14:21 DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.

Below is the log content:

[12:14:21 INF] Token request validation success, {"ClientId": "App_UI", "ClientName": "App_UI", "GrantType": "authorization_code", "Scopes": null, "AuthorizationCode": "O345sXye9QaFRc8RPs-Bs3MxRLDX_kdqkjiymvtcX8o", "RefreshToken": null, "UserName": null, "AuthenticationContextReferenceClasses": null, "Tenant": null, "IdP": null, "Raw": {"grant_type": "authorization_code", "code": "O345sXye9QaFRc8RPs-Bs3MxRLDX_kdqkjiymvtcX8o", "redirect_uri": "http://localhost:4200", "code_verifier": "N1VsY3FSSmhsRXlMYVY4R0pjajRXN3FTOWJMdmFvTmF3SW9xNURIUUQ3dWFZ", "client_id": "App_UI"}, "$type": "TokenRequestValidationLog"}
[12:14:21 DBG] client configuration validation for client App_UI succeeded.
[12:14:21 DBG] Getting claims for access token for client: App_UI
[12:14:21 DBG] Getting claims for access token for subject: 50d71d93-636f-f84d-d2c1-39f97c701cbe
[12:14:21 DBG] Creating refresh token
[12:14:21 DBG] Setting an absolute lifetime: 2592000
[12:14:21 DBG] client configuration validation for client App_UI succeeded.
[12:14:21 DBG] Getting claims for identity token for subject: 50d71d93-636f-f84d-d2c1-39f97c701cbe and client: App_UI
[12:14:21 DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.
[12:14:21 INF] {"ClientId": "App_UI", "ClientName": "App_UI", "RedirectUri": null, "Endpoint": "Token", "SubjectId": "50d71d93-636f-f84d-d2c1-39f97c701cbe", "Scopes": "openid App_UI offline_access", "GrantType": "authorization_code", "Tokens": [{"TokenType": "id_token", "TokenValue": "****8QnQ", "$type": "Token"}, {"TokenType": "refresh_token", "TokenValue": "****0m14", "$type": "Token"}, {"TokenType": "access_token", "TokenValue": "****N8rQ", "$type": "Token"}], "Category": "Token", "Name": "Token Issued Success", "EventType": "Success", "Id": 2000, "Message": null, "ActivityId": "80000095-0001-f700-b63f-84710c7967bb", "TimeStamp": "2020-12-18T04:14:21.0000000Z", "ProcessId": 23956, "LocalIpAddress": "::1:44306", "RemoteIpAddress": "::1", "$type": "TokenIssuedSuccessEvent"}
[12:14:21 DBG] Token request success.
[12:14:21 INF] Request finished in 148.3784ms 200 application/json; charset=UTF-8

Is this the correct way? Please advise.


2 Answer(s)
  • 0
    albert created
    Support Team

    It looks like a misconfiguration of Identity Server. Did you add clients to the Identity Server tables in the database? Also check the other tables, because out of the box it's configured for your main web project.

  • 0
    nhontran created

    Hi @alper, I have found the root cause: I forgot to update the "audience" in the HttpApi.Host project. Thanks.
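
The audience mismatch reported as the root cause above can be confirmed by decoding the access token and comparing its `aud` claim with the audience the API host is configured to accept. This is an added example, not code from the thread or from ABP: the token, issuer and the audience name `OtherApp` are constructed, and the script only decodes the payload for diagnosis (it does not verify the signature).

```javascript
// Diagnostic sketch: compare a token's "aud" claim with the audience an API expects.
// All sample values are constructed for illustration.

// Build an unsigned, constructed compact JWT so the example runs offline.
function makeSampleToken(payload) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [enc({ alg: 'RS256', typ: 'at+jwt' }), enc(payload), 'constructed-signature'].join('.');
}

// Decode the payload segment only. Node's 'base64' decoder also accepts the
// URL-safe alphabet and missing padding used by JWTs.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT (expected 3 segments)');
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

// Returns what the token carries and whether the API's configured audience matches.
function checkAudience(token, expectedAudience) {
  const claims = decodeJwtPayload(token);
  // RFC 7519: "aud" may be a single string or an array of strings.
  const audiences = claims.aud === undefined ? [] : [].concat(claims.aud);
  // "scope" may be a space-delimited string or an array, depending on the issuer.
  const scopes = Array.isArray(claims.scope)
    ? claims.scope
    : String(claims.scope || '').split(' ').filter(Boolean);
  const accepted = audiences.includes(expectedAudience);
  const hint = accepted
    ? 'audience matches'
    : `API expects "${expectedAudience}" but token carries [${audiences.join(', ')}]`;
  return { audiences, scopes, accepted, hint };
}

// Constructed token shaped like the one in the log (client and scope "App_UI").
const SAMPLE_TOKEN = makeSampleToken({
  iss: 'https://identity.example',        // placeholder issuer
  aud: 'App_UI',                          // assumed audience for this illustration
  client_id: 'App_UI',
  sub: '50d71d93-636f-f84d-d2c1-39f97c701cbe',
  scope: ['openid', 'App_UI', 'offline_access'],
});

// An API host still configured with another application's audience rejects the token.
console.log(checkAudience(SAMPLE_TOKEN, 'OtherApp').hint);
console.log(checkAudience(SAMPLE_TOKEN, 'App_UI').hint);
```

When the first call's situation applies, the API answers 401 even though the token endpoint log shows "Token Issued Success", which matches the symptom of a UI that obtains a token but still shows the login button.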