Hi,
I've put 2 microservices for testing into a docker container that uses mongodb. Authorization works there. I have used the same config in the appsettings.json for dbmigrator and apihost projects for my current project that uses EF Core. However, when I try to authorize the request, I am getting the below error:
I have checked the IdentityServerClients and redirecturis tables and I could find the relevant entries with the testing internal domain name but still I get the error. Since reproducing this at your end might be difficult, please let me know if you guys could take remote and see.
Thank you,
- ABP Framework version: v4.4.0
- UI type: Swagger
- DB provider: EF Core
12 Answer(s)
-
0
Are you working on your local or did you deploy them to a server and you're accessing them via IP or a domain?
Please check that the AllowedRedirectUris parameter is 'http://localhost/signin-oidc' or 'http://yourdomain.com/signin-oidc'.
If you're sure about the IdentityServer Client configuration, the problem might be a protocol issue. Incoming requests are always http if pods are communicating behind a load balancer.
Try adding the following line to the OnApplicationInitialization method in each of your Service Module classes.
app.Use((context, next) => { context.Request.Scheme = "https"; return next(); });
See more about running behind load balancer
-
0
The same setup is being used for the other 2 containers that run using mongodb. Authorization works there.
I am authorizing via swagger. No http traffic is allowed. It's happening over https.
I didn't see the signin-oidc url. The connection is going to connect/authorize and the redirect_uri parameter is the same as the originating swagger url.
-
0
hi enisn,
please update.
thanks :)
-
0
Invalid_Redirect_Uri error means your Redirect Uri is not matching with the one you already have in the database for this application (client). Check the identityserver logs for more information. Probably related to your environment configuration.
We are not available for remote sessions most of the time, please share a repo or detailed logs so that any of us available can check and help within the shortest time period available. It will also help other members in the future if they come across the same issue.
-
0
As I have mentioned earlier, the values in the db in tables "IdentityServerClients" are the same as those in the browser. Usually I share the repo access, but since this particular situation requires us to dial into our vpn and contact the remote server with a local domain name, as the container is in a remote VM, I requested a remote session as this issue is tied to that.
But if you insist I'll share the code, please share your github email.
-
0
As i have mentioned earlier the values in db in tables "IdentityServerClients" are as same as that in the browser.
The problem is not related with IdentityServerClients, it is about ClientRedirectUris.
Please share related identityserver logs.
Since it is related with data, I can not help with looking at code. You need to check the database. Or, simply:
Navigate to Administration -> IdentityServer -> Clients Actions -> Edit the Application you are having problem with (you can see that in identityserver log also) -> Application Urls -> Callback
Add your production environment redirect uri as well.
-
0
Is there any way to add this in program? Like in appsettings? We only have the api project right now. The UI project is not being tested as of now.
Thanks
-
0
Please share identity server logs.
Is there any way to add this in program?
What do you mean by this?
You can update identityserver data seeder and run dbmigrator. Or manually add/edit AbpClientRedirectUris table.
Also did I mention about sharing related identity server logs which is the suggested way to troubleshoot identityserver related errors by identityserver team itself?
-
0
We're using a non-tiered version of the abp project template. In this case, will we have a separate log for identity? Or is it enough that I share the logs file? If so, click here to view the application logs. If not, please let me know from where to get it.
Thanks
-
0
It seems your environment is
2021-10-06 12:02:43.701 +00:00 [INF] Hosting environment: Development
and you are using dns (zoolworks).
2021-10-06 13:37:22.524 +00:00 [ERR] Invalid redirect_uri: https://zoolworks:44337/swagger/oauth2-redirect.html {"ClientId":"LeaveMgmtSvc_Swagger","ClientName":"LeaveMgmtSvc_Swagger","RedirectUri":null,"AllowedRedirectUris":["https://localhost:44337/swagger/oauth2-redirect.html"],"SubjectId":"anonymous","ResponseType":null,"ResponseMode":null,"GrantType":null,"RequestedScopes":"","State":null,"UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"response_type":"code","client_id":"LeaveMgmtSvc_Swagger","redirect_uri":"https://zoolworks:44337/swagger/oauth2-redirect.html","scope":"LeaveMgmtSvc","state":""}
Your LeaveMgmtSvc_Swagger client has allowed https://localhost:44337/swagger/oauth2-redirect.html redirect uri, however you are making request with a configuration containing https://zoolworks:44337/swagger/oauth2-redirect.html
So you need to add https://zoolworks:44337/swagger/oauth2-redirect.html to AbpClientRedirectUris table where ClientId is the id of LeaveMgmtSvc_Swagger.
-
0
-
0
Then you are looking at the wrong database. There is supposed to be an existing record for that client with https://localhost:44337/swagger/oauth2-redirect.html data.
Check your database connection string.
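
The diagnosis in this thread came from reading one "Invalid redirect_uri" log line and comparing the requested value with AllowedRedirectUris. The Python below is an added example (not code from any poster, ABP or IdentityServer) that does the same comparison for every such line in a log and names the URI component that differs; the sample line is constructed and trimmed from the shape of the one quoted above, and the function names are hypothetical.

```python
import json
import re
from urllib.parse import urlsplit

# Constructed sample, trimmed from the shape of the error line quoted in the thread.
SAMPLE_LOG = (
    '2021-10-06 13:37:22.524 +00:00 [ERR] Invalid redirect_uri: '
    'https://zoolworks:44337/swagger/oauth2-redirect.html '
    '{"ClientId":"LeaveMgmtSvc_Swagger",'
    '"AllowedRedirectUris":["https://localhost:44337/swagger/oauth2-redirect.html"]}'
)
LINE_RE = re.compile(r"\[ERR\] Invalid redirect_uri: (?P<uri>\S+) (?P<json>\{.*\})\s*$")


def uri_parts(uri):
    """Split a URI into the parts worth comparing when a redirect is rejected."""
    p = urlsplit(uri)
    return {"scheme": p.scheme, "host": p.hostname, "port": p.port, "path": p.path}


def explain_rejections(log_text):
    """For each 'Invalid redirect_uri' line, report how the requested URI
    differs from every redirect URI the log lists as allowed for the client."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            details = json.loads(m.group("json"))
        except json.JSONDecodeError:
            continue  # truncated or wrapped log line: nothing reliable to compare
        requested = m.group("uri")
        allowed = details.get("AllowedRedirectUris") or []
        req = uri_parts(requested)
        diffs = {c: [k for k in req if req[k] != uri_parts(c)[k]] for c in allowed}
        findings.append({
            "client_id": details.get("ClientId"),
            "requested": requested,
            "registered": requested in allowed,  # is the exact string in the allowed list?
            "differs_in": diffs,
        })
    return findings


if __name__ == "__main__":
    for finding in explain_rejections(SAMPLE_LOG):
        print(json.dumps(finding, indent=2))
```

An empty AllowedRedirectUris list in the output means the log shows no redirect URIs registered for that client at all, which is a different problem from a host mismatch.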