Activities of "tjp102"

Hello,

Sounds good, thanks. For clarification, in the new API are you saying to make a new request to Azure to grab the tokens? Otherwise the tokens don't seem to exist in the HttpContext and need to be populated still.

Thanks.

Hello,

We integrated Azure AD to the ABP Angular application, allowing users to authenticate using Azure AD and the users are then added to the ABP Identity server.

We then added the Volo.Account module and noticed that when using the SignInManager, the ABP framework pulls in an access token from Azure AD and then exchanges it for an application token which is returned to Angular and stored. Is there a way for us to not exchange the application token and keep the access token from Azure AD to call other APIs with the Azure AD access token?

Code below shows where the access token is acquired and exchanged in Volo.Abp.Account.Web.Pages.Account.Login.cshtml. We print out the access token and it has the information we need, but we want that token stored in the frontend instead of the exchanged ABP token. Starting at line 191. https://github.com/abpframework/abp/blob/dev/modules/account/src/Volo.Abp.Account.Web/Pages/Account/Login.cshtml.cs

var loginInfo = await SignInManager.GetExternalLoginInfoAsync();
if (loginInfo == null)
{
    Logger.LogWarning("External login info is not available");
    return RedirectToPage("./Login");
}

var result = await SignInManager.ExternalLoginSignInAsync(
    loginInfo.LoginProvider,
    loginInfo.ProviderKey,
    isPersistent: false,
    bypassTwoFactor: true
);
// Debug output: dumps every token saved by the external provider to the console.
Console.WriteLine("HELLO WORLD!");
Console.WriteLine(loginInfo.AuthenticationTokens);
foreach (var item in loginInfo.AuthenticationTokens)
{
    Console.WriteLine(item);
    // Requires: using System.ComponentModel;
    foreach (PropertyDescriptor descriptor in TypeDescriptor.GetProperties(item))
    {
        string name = descriptor.Name;
        object value = descriptor.GetValue(item);
        Console.WriteLine("{0}={1}", name, value);
    }
}

Thanks

Hello,

We are currently using an ABP framework project with ABP version 6.0, Angular UI, and have the Identity Server Separated currently in the project. According to this GitHub issue, ABP is pivoting away from IdentityServer4 with options to either implement OpenIdDict or use an "External OAuth server (like Azure or Keycloack) instead of OpenIdDict or IDS", stated in the issue. We are looking to remove IdentityServer4 as the IDS and integrate Azure AD as our external OAuth server.

Are there guides, solutions, or examples on how previous ABP users have implemented an external OAuth server, specifically using Azure if possible?

Thanks

  • ABP Framework version: v6.0.1
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): Not-tiered, layered
  • Exception message and stack trace: N/A
  • Steps to reproduce the issue: N/A

Hello,

In our current ABP project, we already use OIDC with Azure AD to authenticate users to our project. We want to also have the ability for the client-side to call different APIs with different scopes through Microsoft Azure using authentication requested from Microsoft. Is there a way to do this using ABP?

These other APIs are also registered in Azure Active Directory and granted the delegated permission to our application registered in Azure Active Directory and developed using ABP Framework. When calling the API, the API is needed to authorize with an access token when the user signs into the application. These APIs are developed not using ABP Framework.

Thanks

Hello,

Can we schedule a call to better explain our issue and resolve the issue?

Thanks

Hello,

Could we maybe set up a working session/call to resolve what we are trying to do? Should be a somewhat common scenario with trying to get access tokens for like an MS Graph API call, but may not be explaining it well.

Thanks

Hello,

The code below was sitting in the HttpApi project inside a controller endpoint.

if (User.Identity.IsAuthenticated)
{
    Console.WriteLine("User is Authenticated!");
    string accessToken = await HttpContext.GetTokenAsync("access_token");
    Console.WriteLine("AccessToken {0}", accessToken);
}

The other code is in the HttpApi.Host project, in the given file with the name *ApiHostModule.cs.

Those code snippets aren't essential right now; we need to request an access token instead of retrieving it from the current context. The main thing is how we can request the needed access token from Microsoft, as mentioned in the other post. Sorry for any prior confusion. https://support.abp.io/QA/Questions/4154#answer-a2dd01f7-b10b-bd7d-e3ab-3a07fbfced67

Thanks

Hello,

Sorry, need to provide some clarification. We are trying to retrieve an access token for calling APIs of applications in our Microsoft tenant. The main question is how do we send requests for those access tokens? Similar concept to MSAL where you can send a request for an access token to have permission to call APIs, but how do we implement the request for tokens with ABP framework?

Thanks

hi

You can get tokens from HttpContext,

await httpContext.GetTokenAsync("access_token");

Hello,

When using the await and GetTokenAsync from above, the value returned is null. For example, when adding the code block below, the value shows as null. Are there any changes we need to make for the Authentication configuration for OIDC to retrieve the access_token?

if (User.Identity.IsAuthenticated)
{
    Console.WriteLine("User is Authenticated!");
    string accessToken = await HttpContext.GetTokenAsync("access_token");
    Console.WriteLine("AccessToken {0}", accessToken);
}

Here's a snippet of our OIDC config.

    context.Services.AddAuthentication()
        .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
        {
            options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAD:TenantId"] + "/v2.0/";
            options.ClientId = configuration["AzureAd:ClientId"];
            // Hybrid flow: code, id_token and token are all requested.
            options.ResponseType = OpenIdConnectResponseType.CodeIdTokenToken;
            options.CallbackPath = configuration["AzureAd:CallbackPath"];
            options.ClientSecret = configuration["AzureAd:ClientSecret"];
            options.RequireHttpsMetadata = false;
            // Store the tokens returned by Azure AD in the authentication properties.
            options.SaveTokens = true;
            options.GetClaimsFromUserInfoEndpoint = true;
            options.Scope.Add("email");
            options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
        });

When using this line of code though, we do get a bearer token back. Can you also confirm this bearer token should work for getting the delegated token?

string bearerToken = Request.Headers[HeaderNames.Authorization].ToString();

Thanks
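
An added example, not part of the original posts and not ABP or Microsoft code: a diagnostic that reads the `iss` and `aud` claims of the bearer token taken from the Authorization header above, so you can see which authority issued it without writing the token itself to the console. The class name `TokenInspector` and the sample token are constructed for illustration, and the helper does not validate the signature.

```csharp
using System;
using System.Text;
using System.Text.Json;

// Hypothetical helper (assumption, not from the page): reads claims from a JWT
// payload for diagnostics only. It does NOT validate the signature.
public static class TokenInspector
{
    public static (string Issuer, string Audience) ReadIssuerAndAudience(string authorizationHeader)
    {
        // Accept either "Bearer <jwt>" or the bare token.
        string token = authorizationHeader.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase)
            ? authorizationHeader.Substring(7).Trim()
            : authorizationHeader.Trim();
        string[] parts = token.Split('.');
        if (parts.Length != 3)
            throw new FormatException("Not a compact JWT (expected three dot-separated parts).");

        using JsonDocument payload = JsonDocument.Parse(DecodeBase64Url(parts[1]));
        return (GetString(payload.RootElement, "iss"), GetString(payload.RootElement, "aud"));
    }

    private static string GetString(JsonElement root, string name)
    {
        if (!root.TryGetProperty(name, out JsonElement value)) return "(missing)";
        // "aud" may be a single string or an array of strings.
        return value.ValueKind == JsonValueKind.String ? value.GetString() : value.GetRawText();
    }

    private static byte[] DecodeBase64Url(string input)
    {
        string s = input.Replace('-', '+').Replace('_', '/');
        s = s.PadRight(s.Length + (4 - s.Length % 4) % 4, '=');
        return Convert.FromBase64String(s);
    }

    private static string EncodeBase64Url(string json) =>
        Convert.ToBase64String(Encoding.UTF8.GetBytes(json)).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static void Main()
    {
        // Constructed sample token: unsigned, with placeholder issuer and audience.
        string sample = EncodeBase64Url("{\"alg\":\"none\"}") + "."
            + EncodeBase64Url("{\"iss\":\"https://issuer.example/\",\"aud\":\"example-api\"}") + ".sig";
        var (issuer, audience) = ReadIssuerAndAudience("Bearer " + sample);
        Console.WriteLine("iss={0} aud={1}", issuer, audience);
    }
}
```

Only the issuer and audience are printed, so the output can go into a support ticket or log without exposing a usable credential.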

  • ABP Framework version: v6.0.1
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes (multi-tiered)
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hello,

In our current ABP project, we use OIDC with Azure AD to authenticate users to our project. We want to call some APIs in another project, which is using NodeJS and also in our tenant, but need to authenticate when calling their API.

Is there a way to retrieve a delegated API access token and call the other NodeJS application's APIs? Currently tried to add the other project as a delegated API permission through Azure in our Azure project app registration, but couldn't find a way to get the access token in our .NET project to call the other API.

Thanks

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11