Activities of "Mohammed.sheik"

  • ABP Framework version: v5.2.2
  • UI Type: Angular
  • Database System: EF Core
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hi There,

I hope you are well.

We are integrating Okta as an external login provider for our application. We have added the following configuration to the ConfigureExternalProviders function in the AuthServerModule:

    .AddOpenIdConnect(OpenIdConnectDefaults.AuthenticationScheme, "Okta",
        options =>
        {
            options.Authority = "https://xxxxxx.okta.com/oauth2/default";

            options.ClientId = "my client Id";
            options.ClientSecret = "my client secret";

            options.ResponseType = OpenIdConnectResponseType.Code;

            options.Scope.Clear();
            options.Scope.Add("offline_access");
            options.Scope.Add("openid");
            options.Scope.Add("profile");
            options.Scope.Add("email");

            options.SaveTokens = true;
            options.ResponseMode = OpenIdConnectResponseMode.Query;

            options.Events = new OpenIdConnectEvents
            {
                OnRedirectToIdentityProvider = context =>
                {
                    // Perform any custom logic before redirecting to Okta
                    context.ProtocolMessage.RedirectUri = "http://localhost:4200";
                    return Task.CompletedTask;
                },
            };
        });

My login page now has the option to log in with Okta:

These are the settings that I have in my Okta application settings:

As you can see, I have configured the redirect URL on both sides to be http://localhost:4200, which is my Angular frontend. When I log in to my application using the Okta option, I see the authentication happening correctly on the Okta side, and after the authentication I am redirected to http://localhost:4200. The problem is that I don't get logged into my application because I get the error 'Validating access_token failed'. I do notice that the nonce, access_token, refresh_token etc. are missing from the local storage for http://localhost:4200.

Please advise on what I am missing and how I can resolve this issue. Your assistance is greatly appreciated.

ABP Framework version: v5.2.2

UI type: Angular

DB provider: EF Core

Tiered (MVC) or Identity Server Separated (Angular): yes

Hi there,

I hope you are well.

We have developed a SaaS application using the ABP microservice template. We now have a new requirement to integrate Okta as the identity provider for a specific client. Okta will only be used as the identity provider for a specific client, and other clients will use the default Identity Server that comes with the ABP template.

I am looking for guidance on how this can be achieved. Your assistance would be greatly appreciated.

  • ABP Framework version: v5.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi there,

I hope you are well.

For a particular scenario in our project we are required to get a list of all users across all tenants. The approach we have taken is that we have got a list of all tenants and thereafter changed the current tenant, then get a list of all users from the Identity service for that tenant and append them to a list. We have followed the instructions in the documentation here: https://docs.abp.io/en/commercial/latest/startup-templates/microservice/synchronous-interservice-communication#synchronous-communication-between-microservices and have successfully been able to communicate with the identity service to get all users for each tenant. My problem is that it works fine when running locally using Project Tye; however, after I deploy to my Kubernetes environment, I get an unauthorized error on the identity service side:

    [11:11:10 WRN] Code:Volo.Authorization:010001
    [11:11:10 INF] AuthenticationScheme: Bearer was challenged.
    [11:11:10 INF] Executed action Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi) in 9.4578ms
    [11:11:10 INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
    [11:11:10 INF] Request finished HTTP/1.1 GET http://tokengen-stag-identitysvc.conlog.com/api/identity/users?SkipCount=0&MaxResultCount=1000&api-version=1.0 - - - 401 0 - 35.9058ms
    [11:11:33 INF] Request starting HTTP/1.1 GET http://tokengen-stag-identitysvc.conlog.com/api/identity/users - -
    [11:11:33 INF] CORS policy execution failed.
    [11:11:33 INF] Request origin null does not have permission to access the resource.
    [11:11:33 INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
    [11:11:33 INF] Route matched with {controller = "User", area = "identity", action = "GetList"}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Abp.Application.Dtos.PagedResultDto1[Volo.Abp.Identity.IdentityUserDto]] GetListAsync(Volo.Abp.Identity.GetIdentityUsersInput) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi).
    [11:11:33 INF] Request starting HTTP/1.1 GET http://tokengen-stag-identitysvc.conlog.com/api/identity/users?SkipCount=0&MaxResultCount=1000&api-version=1.0 - -
    [11:11:33 INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
    [11:11:33 INF] Route matched with {controller = "User", area = "identity", action = "GetList"}. Executing controller action with signature System.Threading.Tasks.Task1[Volo.Abp.Application.Dtos.PagedResultDto1[Volo.Abp.Identity.IdentityUserDto]] GetListAsync(Volo.Abp.Identity.GetIdentityUsersInput) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi).
    [11:11:33 INF] Authorization failed. These requirements were not met: PermissionRequirement: AbpIdentity.Users
    [11:11:33 WRN] ---------- RemoteServiceErrorInfo ----------
    { "code": "Volo.Authorization:010001", "message": "Authorization failed! Given policy has not granted.", "details": null, "data": {}, "validationErrors": null }

    [11:11:33 WRN] Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
    Volo.Abp.Authorization.AbpAuthorizationException: Exception of type 'Volo.Abp.Authorization.AbpAuthorizationException' was thrown.
       at Microsoft.AspNetCore.Authorization.AbpAuthorizationServiceExtensions.CheckAsync(IAuthorizationService authorizationService, AuthorizationPolicy policy)
       at Volo.Abp.Authorization.MethodInvocationAuthorizationService.CheckAsync(MethodInvocationAuthorizationContext context)
       at Volo.Abp.Authorization.AuthorizationInterceptor.AuthorizeAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Authorization.AuthorizationInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync()
       at Volo.Abp.Auditing.AuditingInterceptor.ProceedByLoggingAsync(IAbpMethodInvocation invocation, IAuditingHelper auditingHelper, IAuditLogScope auditLogScope)
       at Volo.Abp.Auditing.AuditingInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed)
       at Castle.DynamicProxy.AsyncInterceptorBase.ProceedAsynchronous[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo)
       at Volo.Abp.Castle.DynamicProxy.CastleAbpMethodInvocationAdapterWithReturnValue1.ProceedAsync()
       at Volo.Abp.Uow.UnitOfWorkInterceptor.InterceptAsync(IAbpMethodInvocation invocation)
       at Volo.Abp.Castle.DynamicProxy.CastleAsyncAbpInterceptorAdapter1.InterceptAsync[TResult](IInvocation invocation, IInvocationProceedInfo proceedInfo, Func3 proceed)
       at lambda_method2280(Closure , Object )
       at Microsoft.AspNetCore.Mvc.Infrastructure.ActionMethodExecutor.AwaitableObjectResultExecutor.Execute(IActionResultTypeMapper mapper, ObjectMethodExecutor executor, Object controller, Object[] arguments)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.g__Awaited|12_0(ControllerActionInvoker invoker, ValueTask1 actionResultValueTask)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.<InvokeNextActionFilterAsync>g__Awaited|10_0(ControllerActionInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Rethrow(ActionExecutedContextSealed context)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted)
       at Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker.InvokeInnerFilterAsync()
    --- End of stack trace from previous location ---
       at Microsoft.AspNetCore.Mvc.Infrastructure.ResourceInvoker.<InvokeNextExceptionFilterAsync>g__Awaited|26_0(ResourceInvoker invoker, Task lastTask, State next, Scope scope, Object state, Boolean isCompleted)
    [11:11:33 WRN] Code:Volo.Authorization:010001
    [11:11:33 INF] AuthenticationScheme: Bearer was challenged.
    [11:11:33 INF] Executed action Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi) in 13.8284ms
    [11:11:33 INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
    [11:11:34 INF] Executing ObjectResult, writing value of type 'Volo.Abp.Application.Dtos.PagedResultDto1[[Volo.Abp.Identity.IdentityUserDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=6.0.1.0, Culture=neutral, PublicKeyToken=null]]'.
    [11:11:34 INF] Executed action Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi) in 67.5621ms
    [11:11:34 INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'

In my Identity database, dbo.OpenIddictApplications table the application is seeded correctly:

In the Administration database, dbo.AbpPermissionGrants table the 'AbpIdentity.Users' permission is seeded correctly as well.

Please can you assist in resolving this issue.
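
An added example, not part of the original post or of ABP's own code: a small Python triage script for console output in the format shown in the post above. It splits entries that have been run together on the `[HH:mm:ss LVL]` marker and reports each failed permission check with the authentication outcome and action logged after it. The sample text is constructed from entries in the post, and the function and pattern names are this example's own.

```python
import re

# Constructed sample: entries copied from the log in the post, run together
# on one line the way the forum page shows them.
SAMPLE = (
    "[11:11:33 INF] Request starting HTTP/1.1 GET "
    "http://tokengen-stag-identitysvc.conlog.com/api/identity/users - - "
    "[11:11:33 INF] CORS policy execution failed. "
    "[11:11:33 INF] Authorization failed. These requirements were not met: "
    "PermissionRequirement: AbpIdentity.Users "
    "[11:11:33 WRN] Code:Volo.Authorization:010001 "
    "[11:11:33 INF] AuthenticationScheme: Bearer was challenged. "
    "[11:11:33 INF] Executed action "
    "Volo.Abp.Identity.IdentityUserController.GetListAsync "
    "(Volo.Abp.Identity.Pro.HttpApi) in 13.8284ms "
)

ENTRY = re.compile(r"\[(\d{2}:\d{2}:\d{2}) ([A-Z]{3})\] ")
PERMISSION = re.compile(r"PermissionRequirement: ([\w.]+)")
SCHEME = re.compile(r"AuthenticationScheme: (\w+) was (challenged|forbidden)")
ACTION = re.compile(r"Executed action (\S+)")


def split_entries(text):
    """Split flattened console output into (time, level, message) tuples."""
    parts = ENTRY.split(text)  # [prefix, time, level, message, time, ...]
    return [(parts[i], parts[i + 1], parts[i + 2].strip())
            for i in range(1, len(parts), 3)]


def authorization_failures(text):
    """Return one record per failed permission check, with what followed it."""
    failures = []
    for time, _level, message in split_entries(text):
        denied = PERMISSION.search(message)
        if "Authorization failed" in message and denied:
            failures.append({"time": time, "permission": denied.group(1),
                             "scheme": None, "outcome": None, "action": None})
        elif failures and failures[-1]["action"] is None:
            scheme, action = SCHEME.search(message), ACTION.search(message)
            if scheme:
                # ASP.NET Core convention: challenged = no authenticated
                # caller (401); forbidden = authenticated but denied (403).
                failures[-1]["scheme"], failures[-1]["outcome"] = scheme.groups()
            if action:
                failures[-1]["action"] = action.group(1)
    return failures
```

Concurrent requests interleave in this output, so pairing a failure with the next challenge and action entry is a heuristic; an exact match needs a per-request correlation id in the log template.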

  • ABP Framework version: v5.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi There,

We are using the microservices template and would like your advice on the best way to retrieve a list of all tenants from a microservice Application layer.

Your assistance is greatly appreciated.

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include followings:

  • ABP Framework version: v5.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi There,

Please assist with the below scenario:

We need to authenticate users from different tenants on our Swagger frontend. I have changed the Swagger config to use password flow so I can establish the tenant that the user belongs to; however, users that belong to tenants cannot be authenticated. Please see the error screenshot below. I am aware that the __tenant header field needs to be set; please advise how this can be done.

Below is my Swagger config:

    if (apiTitle == "XxxService API")
    {
        context.Services.AddAbpSwaggerGen(
        options =>
        {
            options.SwaggerDoc(apiName, new OpenApiInfo { Title = apiTitle, Version = apiVersion });
            options.DocInclusionPredicate((docName, description) => true);
            options.CustomSchemaIds(type => type.FullName);
            options.DocumentFilter<CustomSwaggerFilter>();

            options.AddSecurityDefinition(
                "oauth2PasswordFlows",
                new OpenApiSecurityScheme
                {
                    Type = SecuritySchemeType.OAuth2,
                    Flows = new OpenApiOAuthFlows
                    {
                        Password = new OpenApiOAuthFlow() 
                        {
                            AuthorizationUrl = new Uri("https://localhost:44322/connect/authorize"),
                            TokenUrl = new Uri("https://localhost:44322/connect/token"),
                            Scopes = scopes
                        }
                    }
                });
            options.AddSecurityRequirement(
                new OpenApiSecurityRequirement
                {
                    {
                        new OpenApiSecurityScheme{
                            Reference = new OpenApiReference{
                                Id = "oauth2PasswordFlows",
                                Type = ReferenceType.SecurityScheme
                            }
                        },
                        new List<string>()
                    }
                });
        });
    }

Your help is greatly appreciated.

  • ABP Framework version: v5.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes
  • Exception message and stack trace:
  • Steps to reproduce the issue: 'yarn install' then 'yarn start' the angular project

Hi There,

I am having an issue with the login button on the Angular project: it does not work in production mode, as it does not redirect me to the AuthServer login page, and it looks like it is not firing any events either.

There are no errors being thrown by any of the services (Auth, Identity, Saas, Admin etc.). Please send me your email address so that I can share the environment.prod.ts file and also send you the URL of the site so you can see the issue at play.

  • ABP Framework version: v5.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC)
  • Exception message and stack trace:
  • Steps to reproduce the issue: 'yarn install' then 'yarn start' the angular project

Hi,

We are currently trying to get the microservices template up and running; however, we are facing an issue whereby the Angular project cannot start up.

I have the Identity service, administration service, saas service, product service, web gateway and public web gateway all running fine. Any assistance is much appreciated.

Showing 1 to 7 of 7 records.
Made with ❤️ on ABP v8.2.0-preview. Updated on March 25, 2024, 15:11