We would like to enable our Tenants to register their own applications (Clients) in OpenIddict. Their registered applications can then access the data in that Tenant only.
Is this possible?
- ABP Framework version: v7.0.1
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
1 Answer
Hi,
Yes, it's possible.
Just an idea:
You can create a new page to allow the tenant to register their own application.
- Use the Object Extension System to add a new property TenantId to the OpenIddictApplications entity.
- Set the current TenantId when the tenant registers the application
- Customize the TokenController to determine the current tenant from the application (client)
Here are the TokenController methods you need to override:
- https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.AuthorizationCode.cs#L17
- https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.DeviceCode.cs#L17
- https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L38
- https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.RefreshToken.cs#L17
ClientCredentials
You need to add TenantId to the AccessToken: https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.ClientCredentials.cs#L34
Application name should be unique even for different tenants.
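
A minimal model of the steps in the answer above, as an added example that is not part of the original answer and is not ABP or OpenIddict code. It shows why the application name has to be unique across tenants: the token endpoint resolves the tenant from the client, so a name shared by two tenants would make the tenant claim ambiguous. `ClientRegistration`, `TenantClientRegistry`, `ClientCredentialsFlow` and the `tenantid` claim name are hypothetical stand-ins for the extended application entity, its store, the overridden controller method and the tenant claim.

```csharp
#nullable enable
using System;
using System.Collections.Generic;
using System.Security.Claims;

// Hypothetical stand-in for an application (client) row extended with TenantId.
public record ClientRegistration(string ClientId, Guid TenantId);

public class TenantClientRegistry
{
    // Keyed by client id alone: the token endpoint receives client_id before any
    // tenant is known, so the name must be unique across all tenants.
    private readonly Dictionary<string, ClientRegistration> _clients = new(StringComparer.Ordinal);

    // currentTenantId comes from the signed-in tenant's session at registration time.
    public bool TryRegister(Guid currentTenantId, string clientId) =>
        _clients.TryAdd(clientId, new ClientRegistration(clientId, currentTenantId));

    public ClientRegistration? Find(string clientId) =>
        _clients.TryGetValue(clientId, out var client) ? client : null;
}

public static class ClientCredentialsFlow
{
    public const string TenantClaimType = "tenantid"; // assumed claim name

    // Called after the client secret has been validated: the tenant is read from
    // the stored registration and placed in the principal behind the access token.
    public static ClaimsPrincipal BuildPrincipal(TenantClientRegistry registry, string clientId)
    {
        var client = registry.Find(clientId)
            ?? throw new InvalidOperationException("The application cannot be found.");
        var identity = new ClaimsIdentity("ClientCredentials");
        identity.AddClaim(new Claim("sub", client.ClientId));
        identity.AddClaim(new Claim(TenantClaimType, client.TenantId.ToString()));
        return new ClaimsPrincipal(identity);
    }
}

public static class Program
{
    public static void Main()
    {
        Guid tenantA = Guid.NewGuid(), tenantB = Guid.NewGuid(); // constructed tenants
        var registry = new TenantClientRegistry();
        Console.WriteLine(registry.TryRegister(tenantA, "reporting-app"));
        Console.WriteLine(registry.TryRegister(tenantB, "reporting-app")); // duplicate name
        var principal = ClientCredentialsFlow.BuildPrincipal(registry, "reporting-app");
        Console.WriteLine(principal.FindFirst(ClientCredentialsFlow.TenantClaimType)?.Value == tenantA.ToString());
    }
}
```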