Open Closed

Blank page after log out #4730


User avatar
0
pablo@ccalp.net created
  • ABP Framework version: v7.0.3
  • UI type: Angular
  • DB provider: EF Core
  • Steps to reproduce the issue:"

Just upgraded to the latest version and now I'm experiencing an issue when logging out, it redirects me to this page "https://localhost:44349/connect/logout?" and the page is blank. Before the migration, it used to redirect me to the login page.

Also when logging out, now I'm seeing that the post_logout_redirect_url is ivalid. The logout request was rejected because the specified post_logout_redirect_uri was invalid: https://tenanta.ccalp.net.

This is a multitenant app, so I need to set a wildcard url in openiddict but it is not letting me.

I'm using Resource Owner Password Flow in Angular, and the Domain Tenant Resolver.


16 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can refer to this sample.

    https://github.com/abpframework/abp-samples/blob/master/DomainTenantResolver/OpenIddict/NG/aspnet-core/src/BookStore.HttpApi.Host/BookStoreHttpApiHostModule.cs#L63-L92

  • User Avatar
    0
    pablo@ccalp.net created

    That's what I used, but not working. By the way, I switched from Resource Owner Password to the standard one that redirects to do the auth. How should the Openiddict Applications be configured? I'm using whatever was created by the default migrations.

    public override void PreConfigureServices(ServiceConfigurationContext context)
    {
        var hostingEnvironment = context.Services.GetHostingEnvironment();
    
        PreConfigure<OpenIddictBuilder>(builder =>
        {
            builder.AddValidation(options =>
            {
                options.AddAudiences("CompuCare");
                options.UseLocalServer();
                options.UseAspNetCore();
            });
        });
    
        PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
        {
            options.EnableWildcardDomainSupport = true;
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net/signout-callback-oidc");
        });
    
       
    public override void ConfigureServices(ServiceConfigurationContext context)
    {
        var configuration = context.Services.GetConfiguration();
        var hostingEnvironment = context.Services.GetHostingEnvironment();
    
        // ***********************
        // Custom Configs
        // ***********************
    
        context.Services.AddResponseCaching();
    
        Configure<AbpTenantResolveOptions>(options =>
        {
            options.AddDomainTenantResolver("{0}.api.ccalp.net");
        });
    

    Pasting the log file in the next message.

  • User Avatar
    0
    pablo@ccalp.net created

    Log File

    2023-03-20 16:45:38.950 +00:00 [INF] Client validation failed because 'https://ccalp.net' was not a valid redirect_uri for CompuCare_App.
    2023-03-20 16:45:38.950 +00:00 [INF] The authorization request was rejected because the redirect_uri was invalid: 'https://ccalp.net'.
    2023-03-20 16:45:38.972 +00:00 [INF] The response could not be cached for this request.
    2023-03-20 16:45:38.982 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/connect/authorize?response_type=code&client_id=CompuCare_App&state=SXozejByamcxam9ibGMxUndueUtPdmdlekpLSDlzeExGUmMySFBhX3RxbV9H&redirect_uri=https%3A%2F%2Fccalp.net&scope=openid%20offline_access%20CompuCare&code_challenge=mby31qqbtuatfUUDCR6Llb2izIroRqr6qE-jj8Ggoos&code_challenge_method=S256&nonce=SXozejByamcxam9ibGMxUndueUtPdmdlekpLSDlzeExGUmMySFBhX3RxbV9H&culture=en&ui-culture=en - - - 302 0 - 88.2534ms
    2023-03-20 16:45:39.028 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/Error?httpStatusCode=400 - -
    2023-03-20 16:45:39.028 +00:00 [INF] No cached response available for this request.
    2023-03-20 16:45:39.056 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
    2023-03-20 16:45:39.056 +00:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
    2023-03-20 16:45:39.066 +00:00 [INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml.
    2023-03-20 16:45:39.161 +00:00 [INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 94.2435ms.
    2023-03-20 16:45:39.161 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 104.8771ms
    2023-03-20 16:45:39.161 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
    2023-03-20 16:45:39.161 +00:00 [INF] The response could not be cached for this request.
    2023-03-20 16:45:39.161 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 133.2881ms
    2023-03-20 16:45:39.225 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/Abp/ApplicationConfigurationScript - -
    2023-03-20 16:45:39.225 +00:00 [INF] No cached response available for this request.
    2023-03-20 16:45:39.240 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/__bundles/LeptonX.Global.DD44B0ECF605910A5B8FAD560D306DDE.js?_v=638149274977838065 - -
    2023-03-20 16:45:39.241 +00:00 [INF] No cached response available for this request.
    2023-03-20 16:45:39.249 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/__bundles/Views.Error.DefaultErrorComponent.default.F15FCDEA56EC024E1CDCD86CA6B586D8.css?_v=638149274932427199 - -
    2023-03-20 16:45:39.249 +00:00 [INF] No cached response available for this request.
    2023-03-20 16:45:39.257 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638149274949508529 - -
    2023-03-20 16:45:39.257 +00:00 [INF] No cached response available for this request.
    2023-03-20 16:45:39.267 +00:00 [INF] The file /__bundles/Views.Error.DefaultErrorComponent.default.F15FCDEA56EC024E1CDCD86CA6B586D8.css was not modified
    2023-03-20 16:45:39.267 +00:00 [INF] The response could not be cached for this request.
    2023-03-20 16:45:39.267 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/__bundles/Views.Error.DefaultErrorComponent.default.F15FCDEA56EC024E1CDCD86CA6B586D8.css?_v=638149274932427199 - - - 304 - text/css 17.7976ms
    2023-03-20 16:45:39.267 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/Abp/ApplicationLocalizationScript?cultureName=en - -
    2023-03-20 16:45:39.267 +00:00 [INF] No cached response available for this request.
    2023-03-20 16:45:39.275 +00:00 [INF] The file /__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css was not modified
    2023-03-20 16:45:39.275 +00:00 [INF] The response could not be cached for this request.
    2023-03-20 16:45:39.275 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/__bundles/LeptonX.Global.9325FB768F9C0093DC4664395D730921.css?_v=638149274949508529 - - - 304 - text/css 22.9672ms
    2023-03-20 16:45:39.276 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/Abp/ServiceProxyScript - -
    2023-03-20 16:45:39.276 +00:00 [INF] No cached response available for this request.
    2023-03-20 16:45:39.284 +00:00 [INF] The file /__bundles/LeptonX.Global.DD44B0ECF605910A5B8FAD560D306DDE.js was not modified
    2023-03-20 16:45:39.285 +00:00 [INF] The response could not be cached for this request.
    2023-03-20 16:45:39.285 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/__bundles/LeptonX.Global.DD44B0ECF605910A5B8FAD560D306DDE.js?_v=638149274977838065 - - - 304 - application/javascript 44.2280ms
    2023-03-20 16:45:39.322 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2023-03-20 16:45:39.322 +00:00 [INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationLocalizationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.ActionResult] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController (Volo.Abp.AspNetCore.Mvc).
    2023-03-20 16:45:39.331 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)'
    2023-03-20 16:45:39.331 +00:00 [INF] Route matched with {area = "Abp", action = "Get", controller = "AbpApplicationConfigurationScript", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.ActionResult] Get() on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController (Volo.Abp.AspNetCore.Mvc).
    2023-03-20 16:45:39.340 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)'
    2023-03-20 16:45:39.340 +00:00 [INF] Route matched with {area = "Abp", action = "GetAll", controller = "AbpServiceProxyScript", page = ""}. Executing controller action with signature Microsoft.AspNetCore.Mvc.ActionResult GetAll(Volo.Abp.AspNetCore.Mvc.ProxyScripting.ServiceProxyGenerationModel) on controller Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController (Volo.Abp.AspNetCore.Mvc).
    2023-03-20 16:45:39.569 +00:00 [INF] Executing ContentResult with HTTP Response ContentType of application/javascript
    2023-03-20 16:45:39.569 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) in 237.6933ms
    2023-03-20 16:45:39.569 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)'
    2023-03-20 16:45:39.569 +00:00 [INF] The response could not be cached for this request.
    2023-03-20 16:45:39.581 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/Abp/ApplicationConfigurationScript - - - 200 6827 application/javascript 344.3676ms
    2023-03-20 16:45:39.590 +00:00 [INF] Executing ContentResult with HTTP Response ContentType of application/javascript
    2023-03-20 16:45:39.590 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 267.9214ms
    2023-03-20 16:45:39.590 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
    2023-03-20 16:45:39.598 +00:00 [INF] The response could not be cached for this request.
    2023-03-20 16:45:39.598 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/Abp/ApplicationLocalizationScript?cultureName=en - - - 200 59580 application/javascript 330.7286ms
    2023-03-20 16:45:39.648 +00:00 [INF] Executing ContentResult with HTTP Response ContentType of application/javascript
    2023-03-20 16:45:39.648 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) in 308.115ms
    2023-03-20 16:45:39.648 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)'
    2023-03-20 16:45:39.658 +00:00 [INF] The response could not be cached for this request.
    2023-03-20 16:45:39.658 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/Abp/ServiceProxyScript - - - 200 56340 application/javascript 382.6649ms
    2023-03-20 16:45:46.175 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/favicon.ico - -
    2023-03-20 16:45:46.175 +00:00 [INF] No cached response available for this request.
    2023-03-20 16:45:46.200 +00:00 [INF] The response could not be cached for this request.
    2023-03-20 16:45:46.201 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/favicon.ico - - - 302 0 - 25.8412ms
    2023-03-20 16:45:46.239 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/Error?httpStatusCode=404 - -
    2023-03-20 16:45:46.239 +00:00 [INF] No cached response available for this request.
    2023-03-20 16:45:46.245 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
    2023-03-20 16:45:46.245 +00:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared).
    2023-03-20 16:45:46.252 +00:00 [INF] Executing ViewResult, running view ~/Views/Error/404.cshtml.
    2023-03-20 16:45:46.283 +00:00 [INF] Executed ViewResult - view ~/Views/Error/404.cshtml executed in 30.7539ms.
    2023-03-20 16:45:46.283 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 38.411ms
    2023-03-20 16:45:46.283 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)'
    2023-03-20 16:45:46.283 +00:00 [INF] The response could not be cached for this request.
    2023-03-20 16:45:46.283 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/Error?httpStatusCode=404 - - - 404 - text/html;+charset=utf-8 44.5447ms
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Please share the logs of AuthServer when you get 400.

  • User Avatar
    0
    pablo@ccalp.net created

    Is this what you are looking for? IS there a way I can upload the entire log file?

    2023-03-20 16:45:38.303 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/api/abp/application-localization?cultureName=en&onlyDynamics=false - - - 200 - application/json;+charset=utf-8 33.4436ms 2023-03-20 16:45:38.894 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/connect/authorize?response_type=code&client_id=CompuCare_App&state=SXozejByamcxam9ibGMxUndueUtPdmdlekpLSDlzeExGUmMySFBhX3RxbV9H&redirect_uri=https%3A%2F%2Fccalp.net&scope=openid%20offline_access%20CompuCare&code_challenge=mby31qqbtuatfUUDCR6Llb2izIroRqr6qE-jj8Ggoos&code_challenge_method=S256&nonce=SXozejByamcxam9ibGMxUndueUtPdmdlekpLSDlzeExGUmMySFBhX3RxbV9H&culture=en&ui-culture=en - - 2023-03-20 16:45:38.894 +00:00 [INF] No cached response available for this request. 2023-03-20 16:45:38.922 +00:00 [INF] The request URI matched a server endpoint: "Authorization". 2023-03-20 16:45:38.923 +00:00 [INF] The authorization request was successfully extracted: { "response_type": "code", "client_id": "CompuCare_App", "state": "SXozejByamcxam9ibGMxUndueUtPdmdlekpLSDlzeExGUmMySFBhX3RxbV9H", "redirect_uri": "https://ccalp.net", "scope": "openid offline_access CompuCare", "code_challenge": "mby31qqbtuatfUUDCR6Llb2izIroRqr6qE-jj8Ggoos", "code_challenge_method": "S256", "nonce": "SXozejByamcxam9ibGMxUndueUtPdmdlekpLSDlzeExGUmMySFBhX3RxbV9H", "culture": "en", "ui-culture": "en" }. 2023-03-20 16:45:38.950 +00:00 [INF] Client validation failed because 'https://ccalp.net' was not a valid redirect_uri for CompuCare_App. 2023-03-20 16:45:38.950 +00:00 [INF] The authorization request was rejected because the redirect_uri was invalid: 'https://ccalp.net'. 2023-03-20 16:45:38.972 +00:00 [INF] The response could not be cached for this request. 2023-03-20 16:45:38.982 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/connect/authorize?response_type=code&client_id=CompuCare_App&state=SXozejByamcxam9ibGMxUndueUtPdmdlekpLSDlzeExGUmMySFBhX3RxbV9H&redirect_uri=https%3A%2F%2Fccalp.net&scope=openid%20offline_access%20CompuCare&code_challenge=mby31qqbtuatfUUDCR6Llb2izIroRqr6qE-jj8Ggoos&code_challenge_method=S256&nonce=SXozejByamcxam9ibGMxUndueUtPdmdlekpLSDlzeExGUmMySFBhX3RxbV9H&culture=en&ui-culture=en - - - 302 0 - 88.2534ms 2023-03-20 16:45:39.028 +00:00 [INF] Request starting HTTP/1.1 GET http://api.ccalp.net/Error?httpStatusCode=400 - - 2023-03-20 16:45:39.028 +00:00 [INF] No cached response available for this request. 2023-03-20 16:45:39.056 +00:00 [INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' 2023-03-20 16:45:39.056 +00:00 [INF] Route matched with {action = "Index", controller = "Error", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(Int32) on controller Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared). 2023-03-20 16:45:39.066 +00:00 [INF] Executing ViewResult, running view ~/Views/Error/Default.cshtml. 2023-03-20 16:45:39.161 +00:00 [INF] Executed ViewResult - view ~/Views/Error/Default.cshtml executed in 94.2435ms. 2023-03-20 16:45:39.161 +00:00 [INF] Executed action Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared) in 104.8771ms 2023-03-20 16:45:39.161 +00:00 [INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared.Controllers.ErrorController.Index (Volo.Abp.AspNetCore.Mvc.UI.Theme.Shared)' 2023-03-20 16:45:39.161 +00:00 [INF] The response could not be cached for this request. 2023-03-20 16:45:39.161 +00:00 [INF] Request finished HTTP/1.1 GET http://api.ccalp.net/Error?httpStatusCode=400 - - - 400 - text/html;+charset=utf-8 133.2881ms

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    **Client validation failed because 'https://ccalp.net' was not a valid redirect_uri for CompuCare_App.
    The authorization request was rejected because the redirect_uri was invalid: 'https://ccalp.net'.**
    

    What's the application definition of CompuCare_App in the database?

    I think adding options.WildcardDomainsFormat.Add("https://ccalp.net"); will solve it. but you better add https://ccalp.net to CompuCare_App as its redirect_uri.

      PreConfigure(options =>
        {
            options.EnableWildcardDomainSupport = true;
            options.WildcardDomainsFormat.Add("https://ccalp.net");
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net/signout-callback-oidc");
        });
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

  • User Avatar
    0
    pablo@ccalp.net created

    I had to add each domain so that it works for now but will try adding https://ccalp.net in the code and see if it works. I can't keep adding tenants to the URLs.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    ok

    You can try that.

      PreConfigure(options =>
        {
            options.EnableWildcardDomainSupport = true;
            options.WildcardDomainsFormat.Add("https://ccalp.net");
            options.WildcardDomainsFormat.Add("other domains")
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net/signout-callback-oidc");
        });
    
  • User Avatar
    0
    pablo@ccalp.net created

    I don't think the following is working:

        PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
        {
            options.EnableWildcardDomainSupport = true;
            options.WildcardDomainsFormat.Add("https://ccalp.net");
            options.WildcardDomainsFormat.Add("https://api.ccalp.net");
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}.api.ccalp.net/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net/signout-callback-oidc");
            options.WildcardDomainsFormat.Add("https://{0}.api.ccalp.net/signout-callback-oidc");
        });
    

    We have over 50 tenants (subdomains) and I can't add them all here or in the database, it is just not maintainable. We need the wildcard to work.

    What would be the right configuration both for the database and for the code?

    The client (angular) application domain is: "ccalp.net" (localhost:4200) The API domain is: "api.ccalp.net" (localhost:44349)

    And each tenant will be in their own subdomain: [tenant-database].ccalp.net [tenant-database].api.ccalp.net

    Please we need this resolved ASAP.

    Thank you.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I don't think the following is working:

    Have you tried it? This is the correct way to do it now. And I believe it will work.

  • User Avatar
    0
    pablo@ccalp.net created

    I have tried it, and the only way it is working is if I add the tenant's subdomains to the database, otherwise, when I log out I keep getting a 400 error.

    CompuCare_App | [ "http://localhost:4200" , "https://ccalp.net" , "https://tenanta.ccalp.net" , "https://westchester.ccalp.net" ]

        PreConfigure<AbpOpenIddictWildcardDomainOptions>(options =>
        {
            options.EnableWildcardDomainSupport = true;
            options.WildcardDomainsFormat.Add("https://ccalp.net");
            options.WildcardDomainsFormat.Add("https://api.ccalp.net");
    
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net");
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}.ccalp.net/signout-callback-oidc");
    
            options.WildcardDomainsFormat.Add("https://{0}.api.ccalp.net");
            options.WildcardDomainsFormat.Add("https://{0}.api.ccalp.net/signin-oidc");
            options.WildcardDomainsFormat.Add("https://{0}.api.ccalp.net/signout-callback-oidc");
        });
    

    2023-03-22 00:35:50.926 +00:00 [INF] Request starting HTTP/1.1 GET http://tenanta.api.ccalp.net/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjBCRUIwRkE3QkJDQ0IwMEM1NDhDRkMxQUQwQkYxMUE0OERCMEZGN0QiLCJ4NXQiOiJDLXNQcDd2TXNBeFVqUHdhMEw4UnBJMndfMzAiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiJiMGJkNjdlYS01N2UwLWU3ZDEtNTIwOC0zYTBhMGE2ZGQ1OTYiLCJ0ZW5hbnRpZCI6Ijc1MTlmZjEwLTE1MDQtNWQ1Ny1kYTNkLTNhMGEwYTZkYjdjNSIsIm9pX2F1X2lkIjoiYWEyZGJlNjEtOGNmNS1jMDQxLWFkOTAtM2EwYTE4OTM0OGFhIiwiYXpwIjoiQ29tcHVDYXJlX0FwcCIsIm5vbmNlIjoiTkVaUmVuWjJiRkpFZUVWWlRtdEJaRVUwUVVkb00wRjZVVTB4ZEY5dWRsOURjSHBuV1VKd1JqbHlUelZFIiwiYXRfaGFzaCI6IlU4V0FvSTBqUTFOeGNEZHA0bXJic2ciLCJvaV90a25faWQiOiJmNDVhNzBiOS0yZTY0LTJhOTQtN2Y3My0zYTBhMThlYjBiM2IiLCJhdWQiOiJDb21wdUNhcmVfQXBwIiwiZXhwIjoxNjc5NDQ2NTQwLCJpc3MiOiJodHRwczovL3RlbmFudGEuYXBpLmNjYWxwLm5ldC8iLCJpYXQiOjE2Nzk0NDUzNDB9.IxqT1V0i71NTLrWujtDvIWLy9E-BIi6x278Q1m-ztGFJefi4TzoKYb0VgLNWy6GSGjTHsW6t_Dd0DaSuLg5Ulit6hWZEELOCwkKxA3-EiUCjaXQwKcRAJXLYyS6pAfptJTOOe_5LME-rYtbIYYrnGAc2efekGuO1FeayxJaFFACJ77AnySgssUUii3BmkhFRyhTyuiBCU-oH_SaZ7okVvMx2bUBeV05MM8NvjU3Q41PsbRPUnOEwwiukoyH7UTCV6MiHkzqREurtMVOa5bfE76D_ocupqLXdFqcjK-qnoXK2H4tgWhsfAvoAz93_Xb3yCXRXQCvc2nlBTFeuekb0FQ&post_logout_redirect_uri=https%3A%2F%2Ftenanta.ccalp.net&culture=en&ui-culture=en - - 2023-03-22 00:35:50.926 +00:00 [INF] No cached response available for this request. 2023-03-22 00:35:50.927 +00:00 [INF] The request URI matched a server endpoint: "Logout". 2023-03-22 00:35:50.927 +00:00 [INF] The logout request was successfully extracted: { "id_token_hint": "[redacted]", "post_logout_redirect_uri": "https://tenanta.ccalp.net", "culture": "en", "ui-culture": "en" }. 2023-03-22 00:35:51.001 +00:00 [WRN] The logout request was rejected because the identity token used as a hint was issued to a different client. 2023-03-22 00:35:51.001 +00:00 [INF] The response could not be cached for this request. 2023-03-22 00:35:51.019 +00:00 [INF] Request finished HTTP/1.1 GET http://tenanta.api.ccalp.net/connect/logout?id_token_hint=eyJhbGciOiJSUzI1NiIsImtpZCI6IjBCRUIwRkE3QkJDQ0IwMEM1NDhDRkMxQUQwQkYxMUE0OERCMEZGN0QiLCJ4NXQiOiJDLXNQcDd2TXNBeFVqUHdhMEw4UnBJMndfMzAiLCJ0eXAiOiJKV1QifQ.eyJzdWIiOiJiMGJkNjdlYS01N2UwLWU3ZDEtNTIwOC0zYTBhMGE2ZGQ1OTYiLCJ0ZW5hbnRpZCI6Ijc1MTlmZjEwLTE1MDQtNWQ1Ny1kYTNkLTNhMGEwYTZkYjdjNSIsIm9pX2F1X2lkIjoiYWEyZGJlNjEtOGNmNS1jMDQxLWFkOTAtM2EwYTE4OTM0OGFhIiwiYXpwIjoiQ29tcHVDYXJlX0FwcCIsIm5vbmNlIjoiTkVaUmVuWjJiRkpFZUVWWlRtdEJaRVUwUVVkb00wRjZVVTB4ZEY5dWRsOURjSHBuV1VKd1JqbHlUelZFIiwiYXRfaGFzaCI6IlU4V0FvSTBqUTFOeGNEZHA0bXJic2ciLCJvaV90a25faWQiOiJmNDVhNzBiOS0yZTY0LTJhOTQtN2Y3My0zYTBhMThlYjBiM2IiLCJhdWQiOiJDb21wdUNhcmVfQXBwIiwiZXhwIjoxNjc5NDQ2NTQwLCJpc3MiOiJodHRwczovL3RlbmFudGEuYXBpLmNjYWxwLm5ldC8iLCJpYXQiOjE2Nzk0NDUzNDB9.IxqT1V0i71NTLrWujtDvIWLy9E-BIi6x278Q1m-ztGFJefi4TzoKYb0VgLNWy6GSGjTHsW6t_Dd0DaSuLg5Ulit6hWZEELOCwkKxA3-EiUCjaXQwKcRAJXLYyS6pAfptJTOOe_5LME-rYtbIYYrnGAc2efekGuO1FeayxJaFFACJ77AnySgssUUii3BmkhFRyhTyuiBCU-oH_SaZ7okVvMx2bUBeV05MM8NvjU3Q41PsbRPUnOEwwiukoyH7UTCV6MiHkzqREurtMVOa5bfE76D_ocupqLXdFqcjK-qnoXK2H4tgWhsfAvoAz93_Xb3yCXRXQCvc2nlBTFeuekb0FQ&post_logout_redirect_uri=https%3A%2F%2Ftenanta.ccalp.net&culture=en&ui-culture=en - - - 302 0 - 75.1705ms 2023-03-22 00:35:51.071 +00:00 [INF] Request starting HTTP/1.1 GET http://tenanta.api.ccalp.net/Error?httpStatusCode=400 - -

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    This PR will fix the The logout request was rejected because the identity token used as a hint was issued to a different client.

    https://github.com/abpframework/abp/pull/15898

    I will share a solution in 7.0.3, wait a minute.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer
    PreConfigure<OpenIddictServerBuilder>(builder =>
    {
        builder.RemoveEventHandler(OpenIddictServerHandlers.Session.ValidateAuthorizedParty.Descriptor);
        builder.AddEventHandler(AbpValidateAuthorizedParty.Descriptor);
    }
    
    using Microsoft.Extensions.Options;
    using OpenIddict.Abstractions;
    using OpenIddict.Server;
    using Volo.Abp;
    using Volo.Abp.OpenIddict.WildcardDomains;
    using Volo.Abp.Text.Formatting;
    
    namespace OpenIddict.Demo.Server;
    
    public class AbpValidateAuthorizedParty : IOpenIddictServerHandler<OpenIddictServerEvents.ValidateLogoutRequestContext>
    {
        public static OpenIddictServerHandlerDescriptor Descriptor { get; }
            = OpenIddictServerHandlerDescriptor.CreateBuilder<OpenIddictServerEvents.ValidateLogoutRequestContext>()
                .UseScopedHandler<AbpValidateAuthorizedParty>()
                .SetOrder(OpenIddictServerHandlers.Session.ValidateToken.Descriptor.Order + 1_000)
                .SetType(OpenIddictServerHandlerType.BuiltIn)
                .Build();
        protected AbpOpenIddictWildcardDomainOptions WildcardDomainOptions { get; }
        protected IOpenIddictApplicationManager ApplicationManager { get; }
    
        public AbpValidateAuthorizedParty(IOptions<AbpOpenIddictWildcardDomainOptions> wildcardDomainOptions,IOpenIddictApplicationManager applicationManager)
        {
            WildcardDomainOptions = wildcardDomainOptions.Value;
            ApplicationManager = applicationManager;
        }
    
        public async ValueTask HandleAsync(OpenIddictServerEvents.ValidateLogoutRequestContext context)
        {
            Check.NotNull(context, nameof(context));
            Check.NotNull(context.IdentityTokenHintPrincipal, nameof(context.IdentityTokenHintPrincipal));
    
            if (await CheckWildcardDomainAsync(context.PostLogoutRedirectUri))
            {
                return;
            }
    
            await new OpenIddictServerHandlers.Session.ValidateAuthorizedParty(ApplicationManager).HandleAsync(context);
        }
    
        protected virtual Task<bool> CheckWildcardDomainAsync(string url)
        {
            foreach (var domainFormat in WildcardDomainOptions.WildcardDomainsFormat)
            {
                var extractResult = FormattedStringValueExtracter.Extract(url, domainFormat, ignoreCase: true);
                if (extractResult.IsMatch)
                {
                    return Task.FromResult(true);
                }
            }
    
            foreach (var domainFormat in WildcardDomainOptions.WildcardDomainsFormat)
            {
                if (domainFormat.Replace("{0}.", "").Equals(url, StringComparison.OrdinalIgnoreCase))
                {
                    return Task.FromResult(true);
                }
            }
    
            return Task.FromResult(false);
        }
    }
    
    
  • User Avatar
    0
    pablo@ccalp.net created

    Where do I need to add that code?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Your AuthServer project

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11