User Activities - nicolas.muniere@soprasteria.com

Duplicate api resources in identity server #3407

one year ago Answer

Thanks, it's working!

If this ticket can help someone else, MyResourceStore need to be created in Domain layer

Duplicate api resources in identity server #3407

one year ago Question

We are facing "Duplicate api resources" exception using identity server pro module. This bug has already been reported here a few month ago : https://support.abp.io/QA/Questions/2672/Duplicate-api-resources-in-identity-server

liangshiwei said:

I create an internal issue and will fix it in the next version.

But still no fix available, and the ticket is locked. Can you help?

Duplicate api resources in identity server #2672

2 years ago Answer

Hello, yes, here is the copy of the logs :

2022-03-04 09:42:42.689 +01:00 [INF] {"Details":"System.Exception: Duplicate api resources found. This is an invalid configuration. Use different names for API resources. Names found: AuthService\r\n at IdentityServer4.Stores.IResourceStoreExtensions.Validate(IEnumerable1 identity, IEnumerable1 apiResources, IEnumerable1 apiScopes)\r\n at IdentityServer4.Stores.IResourceStoreExtensions.FindResourcesByScopeAsync(IResourceStore store, IEnumerable1 scopeNames)\r\n at IdentityServer4.Stores.IResourceStoreExtensions.FindEnabledResourcesByScopeAsync(IResourceStore store, IEnumerable1 scopeNames)\r\n at IdentityServer4.Validation.DefaultResourceValidator.ValidateRequestedResourcesAsync(ResourceValidationRequest request)\r\n at IdentityServer4.Validation.TokenRequestValidator.ValidateRequestedScopesAsync(NameValueCollection parameters, Boolean ignoreImplicitIdentityScopes, Boolean ignoreImplicitOfflineAccess)\r\n at IdentityServer4.Validation.TokenRequestValidator.ValidateClientCredentialsRequestAsync(NameValueCollection parameters)\r\n at IdentityServer4.Validation.TokenRequestValidator.RunValidationAsync(Func2 validationFunc, NameValueCollection parameters)\r\n at IdentityServer4.Validation.TokenRequestValidator.ValidateRequestAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult)\r\n at IdentityServer4.Endpoints.TokenEndpoint.ProcessTokenRequestAsync(HttpContext context)\r\n at IdentityServer4.Endpoints.TokenEndpoint.ProcessAsync(HttpContext context)\r\n at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events, IBackChannelLogoutService backChannelLogoutService)","Category":"Error","Name":"Unhandled Exception","EventType":"Error","Id":3000,"Message":"Duplicate api resources found. This is an invalid configuration. Use different names for API resources. Names found: AuthService","ActivityId":"8000000a-0008-fc00-b63f-84710c7967bb","TimeStamp":"2022-03-04T08:42:42.0000000Z","ProcessId":30676,"LocalIpAddress":"::1:44345","RemoteIpAddress":"::1","$type":"UnhandledExceptionEvent"} 2022-03-04 09:42:42.689 +01:00 [FTL] Unhandled exception: Duplicate api resources found. This is an invalid configuration. Use different names for API resources. Names found: AuthService System.Exception: Duplicate api resources found. This is an invalid configuration. Use different names for API resources. Names found: AuthService at IdentityServer4.Stores.IResourceStoreExtensions.Validate(IEnumerable1 identity, IEnumerable1 apiResources, IEnumerable1 apiScopes) at IdentityServer4.Stores.IResourceStoreExtensions.FindResourcesByScopeAsync(IResourceStore store, IEnumerable1 scopeNames) at IdentityServer4.Stores.IResourceStoreExtensions.FindEnabledResourcesByScopeAsync(IResourceStore store, IEnumerable1 scopeNames) at IdentityServer4.Validation.DefaultResourceValidator.ValidateRequestedResourcesAsync(ResourceValidationRequest request) at IdentityServer4.Validation.TokenRequestValidator.ValidateRequestedScopesAsync(NameValueCollection parameters, Boolean ignoreImplicitIdentityScopes, Boolean ignoreImplicitOfflineAccess) at IdentityServer4.Validation.TokenRequestValidator.ValidateClientCredentialsRequestAsync(NameValueCollection parameters) at IdentityServer4.Validation.TokenRequestValidator.RunValidationAsync(Func2 validationFunc, NameValueCollection parameters) at IdentityServer4.Validation.TokenRequestValidator.ValidateRequestAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult) at IdentityServer4.Endpoints.TokenEndpoint.ProcessTokenRequestAsync(HttpContext context) at IdentityServer4.Endpoints.TokenEndpoint.ProcessAsync(HttpContext context) at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events, IBackChannelLogoutService backChannelLogoutService)

Duplicate api resources in identity server #2672

2 years ago Answer

Hello, Perhaps my explanations are not clear, please tell me what you need to investigate, I'm currently using multi api resources but if an admin select multi scope the sso will fail. Thanks

Duplicate api resources in identity server #2672

2 years ago Answer

Hello, The problem is explained in my fisrt ticket, IdentityServer Management UI allow user to enter multiple scopes, but its not working.

Duplicate api resources in identity server #2672

2 years ago Answer

Hi support team, any new on this subject?

Duplicate api resources in identity server #2672

2 years ago Answer

Hi, I do not agree with this, both Identity Server and abp allow administrator to configure multiple scopes on a unique api resource.

Here is a link to documentation, http://docs.identityserver.io/en/latest/topics/resources.html You can see that ApiResources can be configured with many scopes

public static readonly IEnumerable GetApiResources()
{
    return new List
    {
        new ApiResource("invoice", "Invoice API")
        {
            Scopes = { "invoice.read", "invoice.pay", "manage" }
        },
        
        new ApiResource("customer", "Customer API")
        {
            Scopes = { "customer.read", "customer.contact", "manage" }
        }
    };
}

Do you have an idea?

Duplicate api resources in identity server #2672

2 years ago Answer

Hello, The workaround using many api resources, containing each one unique scope is working, thank you! But is cannot be a long term solution, is it a bug from abp.io or Identity Server?

Thanks!

Duplicate api resources in identity server #2672

2 years ago Question

We are facing "Duplicate api resources" exception using identity server pro module. This bug has already been reported here a few month ago : https://support.abp.io/QA/Questions/1126/Bugs--Issues-v43X#answer-aee6a847-3590-2a64-81de-39fbde90446e

ABP Framework version: v5.1.3
UI type: MVC
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): no
Exception message and stack trace:
Steps to reproduce the issue: From a new solution, not tiered

Login with admin Open IdentityServer clients, edit AuthService_Swagger client Go to advanced -> Grant types and add client_credentials then save

Open postman, create a new get query on whatever, example https://localhost:44345/api/identity/users In authorization, select oauth2, then grant type : client credential access token url : https://localhost:44345/connect/token client id : AuthService_Swagger client secret : 1q2w3e* scope : AuthService then click 'get new access token'

=> it works correctly, because we are using a single scope

return to abp with admin account create a new api scope named AuthService.Read

edit api ressource and select the 2 scopes, save

In swagger, add the new scope AuthService.Read after AuthService

=> it does not work anymore, here is the error in logs

2022-03-04 09:42:42.689 +01:00 [INF] {"Details":"System.Exception: Duplicate api resources found. This is an invalid configuration. Use different names for API resources. Names found: AuthService\r\n at IdentityServer4.Stores.IResourceStoreExtensions.Validate(IEnumerable1 identity, IEnumerable1 apiResources, IEnumerable1 apiScopes)\r\n at IdentityServer4.Stores.IResourceStoreExtensions.FindResourcesByScopeAsync(IResourceStore store, IEnumerable1 scopeNames)\r\n at IdentityServer4.Stores.IResourceStoreExtensions.FindEnabledResourcesByScopeAsync(IResourceStore store, IEnumerable1 scopeNames)\r\n at IdentityServer4.Validation.DefaultResourceValidator.ValidateRequestedResourcesAsync(ResourceValidationRequest request)\r\n at IdentityServer4.Validation.TokenRequestValidator.ValidateRequestedScopesAsync(NameValueCollection parameters, Boolean ignoreImplicitIdentityScopes, Boolean ignoreImplicitOfflineAccess)\r\n at IdentityServer4.Validation.TokenRequestValidator.ValidateClientCredentialsRequestAsync(NameValueCollection parameters)\r\n at IdentityServer4.Validation.TokenRequestValidator.RunValidationAsync(Func2 validationFunc, NameValueCollection parameters)\r\n at IdentityServer4.Validation.TokenRequestValidator.ValidateRequestAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult)\r\n at IdentityServer4.Endpoints.TokenEndpoint.ProcessTokenRequestAsync(HttpContext context)\r\n at IdentityServer4.Endpoints.TokenEndpoint.ProcessAsync(HttpContext context)\r\n at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events, IBackChannelLogoutService backChannelLogoutService)","Category":"Error","Name":"Unhandled Exception","EventType":"Error","Id":3000,"Message":"Duplicate api resources found. This is an invalid configuration. Use different names for API resources. Names found: AuthService","ActivityId":"8000000a-0008-fc00-b63f-84710c7967bb","TimeStamp":"2022-03-04T08:42:42.0000000Z","ProcessId":30676,"LocalIpAddress":"::1:44345","RemoteIpAddress":"::1","$type":"UnhandledExceptionEvent"} 2022-03-04 09:42:42.689 +01:00 [FTL] Unhandled exception: Duplicate api resources found. This is an invalid configuration. Use different names for API resources. Names found: AuthService System.Exception: Duplicate api resources found. This is an invalid configuration. Use different names for API resources. Names found: AuthService at IdentityServer4.Stores.IResourceStoreExtensions.Validate(IEnumerable1 identity, IEnumerable1 apiResources, IEnumerable1 apiScopes) at IdentityServer4.Stores.IResourceStoreExtensions.FindResourcesByScopeAsync(IResourceStore store, IEnumerable1 scopeNames) at IdentityServer4.Stores.IResourceStoreExtensions.FindEnabledResourcesByScopeAsync(IResourceStore store, IEnumerable1 scopeNames) at IdentityServer4.Validation.DefaultResourceValidator.ValidateRequestedResourcesAsync(ResourceValidationRequest request) at IdentityServer4.Validation.TokenRequestValidator.ValidateRequestedScopesAsync(NameValueCollection parameters, Boolean ignoreImplicitIdentityScopes, Boolean ignoreImplicitOfflineAccess) at IdentityServer4.Validation.TokenRequestValidator.ValidateClientCredentialsRequestAsync(NameValueCollection parameters) at IdentityServer4.Validation.TokenRequestValidator.RunValidationAsync(Func2 validationFunc, NameValueCollection parameters) at IdentityServer4.Validation.TokenRequestValidator.ValidateRequestAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult) at IdentityServer4.Endpoints.TokenEndpoint.ProcessTokenRequestAsync(HttpContext context) at IdentityServer4.Endpoints.TokenEndpoint.ProcessAsync(HttpContext context) at IdentityServer4.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IEndpointRouter router, IUserSession session, IEventService events, IBackChannelLogoutService backChannelLogoutService)

<br> we cas try to use only the new scope : In swagger, replace scope with only AuthService.Read

=> it does not work, here is the error in logs

[ERR] Client AuthService\_Swagger is not allowed access to scope AuthService.Read. 2022-03-04 09:50:08.023 +01:00 [ERR] Invalid scopes requested, {"ClientId":"AuthService\_Swagger","ClientName":"AuthService\_Swagger","GrantType":"client\_credentials","Scopes":null,"AuthorizationCode":"**","RefreshToken":"**","UserName":null,"AuthenticationContextReferenceClasses":null,"Tenant":null,"IdP":null,"Raw":{"grant\_type":"client\_credentials","scope":"AuthService.Read"},"$type":"TokenRequestValidationLog"} 2022-03-04 09:50:08.023 +01:00 [INF] {"ClientId":"AuthService\_Swagger","ClientName":"AuthService\_Swagger","RedirectUri":null,"Endpoint":"Token","SubjectId":null,"Scopes":null,"GrantType":"client\_credentials","Error":"invalid\_scope","ErrorDescription":null,"Category":"Token","Name":"Token Issued Failure","EventType":"Failure","Id":2001,"Message":null,"ActivityId":"80000051-000a-fe00-b63f-84710c7967bb","TimeStamp":"2022-03-04T08:50:08.0000000Z","ProcessId":30676,"LocalIpAddress":"::1:44345","RemoteIpAddress":"::1","$type":"TokenIssuedFailureEvent"}

We are currently blocked, and need urgently a solution. Our project is starting, and if we can't archieve authentication we will have to look atfer another technical solution. Thanks for your help

Does license check still bloc dev after license expires? #912

3 years ago Answer

Thank you for your answer, but it is still unclear.

You say "after the license expires you can continue your development with the specified developer seat limits". This means that we will always be required to respect a license since the number of places remains limited ?

Sorry to insist, but if so I put myself in the shoes of my customers who will want to upgrade their applications in a few years : If a new team that does not have an abp commercial license wishes to develop an application based on abp commercial, what will be the constraints?

Will we have to remove 'AbpLicenseCode' from appsettings.json ? Will the developers be able to debug ? Will there be other constraints ?

The nuget.config contains a reference to a commercial url. Will this url still work?

Activities of "nicolas.muniere@soprasteria.com"