- ABP Framework version: v7.0.0
- UI type: MVC
- DB provider: EF Core
- Tiered (MVC): yes
- Exception message and stack trace:
- Steps to reproduce the issue:
How to enable OpenIddict for multitenant?
I have replaced the NuGet package (OpenIddict) with the source code, modified all the entities for multitenancy, and also changed the permissions to display OpenIddict in the tenant-level menu. Later I created one client application at the tenant level.
While redirecting my client application to the OpenIddict solution, it shows an error like: invalid client id. I suspect the tenant is not being resolved at the OpenIddict level. Please help me with this part.
15 Answer(s)
-
0
hi
First of all OpenIddict should not be designed to be multi-tenant.
, invalid client id.
Please check the log for error details.
-
0
I need that requirement. Do you have any customization to enable it at the tenant level? Please help with this part; it will be very helpful for me.
-
0
hi
you can give it a try. I think it will be no problem.
invalid client id.
Please check the log for error details.
-
0
Yes, sure. I have tried to enable tenant-level OpenIddict. I am able to see the OpenIddict applications at the tenant level, but while trying to log in I am getting invalid_client. If you require the sample, I will send it to you.
-
0
invalid client id.
Please check the log for error details.
-
0
Hi @maliming, we have created a basic ABP project at https://github.com/rajasekhard2015/demo
We tried extending OpenIddict to the tenant. Please check the commits to see all the changes we have made.
We were able to add a client and do authentication, but we are having an issue with logout.
Can you please help us? It is very critical for our delivery.
-
0
hi
Please make your repository PRIVATE
https://github.com/maliming
What are the steps to reproduce?
-
0
Done, and an invitation has been sent to your ID. I will share the reproduction steps with you.
-
0
OK
-
0
Steps:
- Run the demo server and log in to the application as host.
- Create a tenant.
- Log in to the tenant page and add any OpenID client in the OpenID applications.
- You can also check our sample ebanking in the test folder in the repository.
- After adding an OpenID client in the server, configure the client with the client, secret and default scopes.
- Try logging in to the OpenID client application.
- Try to log out.
- It is not logging out. If you open the URL again, it navigates to the main page without asking for login credentials.
-
0
hi
AuthServer needs to resolve the current tenant.
invalid client id.
But the request doesn't contain tenant information, so it can't find the tenant's client
Try to add the below code to
demoWebModule.cs
```csharp
// Namespaces used: Microsoft.Extensions.DependencyInjection,
// Volo.Abp.MultiTenancy, Volo.Abp.AspNetCore.MultiTenancy
app.UseRouting();
app.Use(async (httpContext, next) =>
{
    TenantConfiguration tenant = null;
    try
    {
        // Run the configured tenant resolvers and save the resolve result.
        tenant = await httpContext.RequestServices
            .GetRequiredService<ITenantConfigurationProvider>()
            .GetAsync(saveResolveResult: true);
    }
    catch (Exception)
    {
        // Tenant could not be resolved: continue without switching, and return
        // so the rest of the pipeline is not invoked a second time below.
        await next(httpContext);
        return;
    }

    var tenantResolveResultAccessor = httpContext.RequestServices
        .GetRequiredService<ITenantResolveResultAccessor>();

    // Only switch the tenant when it was resolved from the query string.
    if (tenantResolveResultAccessor.Result.AppliedResolvers
            .Contains(QueryStringTenantResolveContributor.ContributorName))
    {
        var currentTenant = httpContext.RequestServices.GetRequiredService<ICurrentTenant>();
        if (tenant?.Id != currentTenant.Id)
        {
            using (currentTenant.Change(tenant?.Id, tenant?.Name))
            {
                await next(httpContext);
                return;
            }
        }
    }

    await next(httpContext);
});
app.UseAuthentication();
app.UseAbpOpenIddictValidation();

if (MultiTenancyConsts.IsEnabled)
{
    app.UseMultiTenancy();
}
```
-
0
I will check and let you know
-
0
hi
Also add below code to your ebank project
```csharp
// Namespaces used: Microsoft.AspNetCore.Authentication.Cookies,
// Microsoft.IdentityModel.Tokens, IdentityModel
// "services" is the client application's IServiceCollection.
services.AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie(options =>
    {
        options.ExpireTimeSpan = TimeSpan.FromMinutes(60);
        options.Cookie.Name = "ebanking2";
    })
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = "https://localhost:44359/";
        options.RequireHttpsMetadata = true;
        //options.SignedOutRedirectUri = "";
        options.ClientId = "ebanking2";
        //options.ClientSecret = "test";
        options.Scope.Clear();
        options.Scope.Add("openid");
        options.Scope.Add("profile");
        options.Scope.Add("email");
        // options.Scope.Add("XSenseIdentity");
        options.SaveTokens = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            NameClaimType = JwtClaimTypes.Name,
            RoleClaimType = JwtClaimTypes.Role,
        };

        // Send the tenant name to the AuthServer on the authorization request.
        options.Events.OnRedirectToIdentityProvider = redirectContext =>
        {
            redirectContext.ProtocolMessage.Parameters.Add("__tenant", "test");
            return Task.CompletedTask;
        };
    });
```
-
0
Sure. Currently I am using the domain-based tenant resolver. I will add this one also for the query-based tenant resolver.
-
0
Thanks for your valuable time with me. The application is working as per my requirement.
Thank you so much. 👍👍👍👍👍👍👍👍
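
An added example, not code from this thread or from ABP: a minimal client `Program.cs` that sends the `__tenant` hint on both the sign-in and the sign-out redirect, and signs out of the local cookie as well as the `oidc` scheme. The `App:Tenant` configuration key, the `/` and `/logout` routes, and the idea that the end-session request should carry the same hint are assumptions; the authority, client id and cookie name are the ones posted above.

```csharp
// Added example (not from the thread). Assumed names: "App:Tenant", "/", "/logout".
using Microsoft.AspNetCore.Authentication.Cookies;

var builder = WebApplication.CreateBuilder(args);

// Read the tenant name from configuration instead of hard-coding it.
var tenant = builder.Configuration["App:Tenant"]
    ?? throw new InvalidOperationException("App:Tenant is not configured.");

builder.Services
    .AddAuthentication(options =>
    {
        options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = "oidc";
    })
    .AddCookie(options => options.Cookie.Name = "ebanking2")
    .AddOpenIdConnect("oidc", options =>
    {
        options.Authority = "https://localhost:44359/";
        options.ClientId = "ebanking2";
        options.SaveTokens = true; // keeps the id_token for the end-session request

        // Authorization request: tells the AuthServer which tenant owns the client.
        options.Events.OnRedirectToIdentityProvider = ctx =>
        {
            ctx.ProtocolMessage.SetParameter("__tenant", tenant);
            return Task.CompletedTask;
        };
        // End-session request: same hint (assumption, see lead-in).
        options.Events.OnRedirectToIdentityProviderForSignOut = ctx =>
        {
            ctx.ProtocolMessage.SetParameter("__tenant", tenant);
            return Task.CompletedTask;
        };
    });

var app = builder.Build();
app.UseAuthentication();

// Protected page: challenges through "oidc" when there is no local session.
app.MapGet("/", (HttpContext http) => http.User.Identity?.IsAuthenticated == true
    ? Results.Text($"Signed in as {http.User.Identity.Name}")
    : Results.Challenge());

// Clear the local cookie AND redirect to the AuthServer's end-session endpoint.
app.MapGet("/logout", () => Results.SignOut(authenticationSchemes:
    new[] { CookieAuthenticationDefaults.AuthenticationScheme, "oidc" }));

app.Run();
```

Signing out of only the cookie scheme leaves the AuthServer session alive, so the next challenge completes without a login prompt.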