Impersonation of user within a specific tenant is not working #5173 | Support

bhasinp created one year ago

ABP Framework version: v5.1.3
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): yes / no
Exception message and stack trace:
Steps to reproduce the issue:"

Hi Team,

Impersonation works fine in case I Impersonate the user from master tenant.

When I logged into a specific tenant and try to impersonate user its not working Request: /connect/token (400 bad request) Reponse:"error": "invalid_request"

I checked and __tenant header is passing correctly

Form Body is as followed

access_token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjFDNUMzM0IwNjY0MDczNTYxRDE3N0RDMzAyMDkzM0VCIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2ODU1MjI3ODgsImV4cCI6MTcxNzA1ODc4OCwiaXNzIjoiaHR0cHM6Ly9tb3RydjIuY29tOjQ0MzY4IiwiYXVkIjoibW90ciIsImNsaWVudF9pZCI6Im1vdHJfQXBwIiwic3ViIjoiODAxOGQ2OWMtODQ3Ny0zN2VhLWRjOTEtM2EwYTg4OGY3OGFjIiwiYXV0aF90aW1lIjoxNjg1NTIyNzgwLCJpZHAiOiJsb2NhbCIsInRlbmFudGlkIjoiMzdmNjAyZjAtZjg5NS0yYTAwLTdkNzctM2EwYTg4OGY3NjYzIiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvZ2l2ZW5uYW1lIjoiYWRtaW4iLCJ1bmlxdWVfbmFtZSI6ImFkbWluIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJnaXZlbl9uYW1lIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4iLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOiJGYWxzZSIsImVtYWlsIjoibWlrZS50b2JpYXNAbWVyY2FuaXguY29tIiwiZW1haWxfdmVyaWZpZWQiOiJGYWxzZSIsImVkaXRpb25pZCI6IjkwY2UzZGVlLWVmNjEtYmU4Ni1jZDJkLTNhMDFmMWIzZDA3NyIsIm5hbWUiOiJhZG1pbiIsInNpZCI6IjkxRkZCMkY5MEFERkVBMUVBMENGNDc5NTA5MDJFNjhEIiwiaWF0IjoxNjg1NTIyNzg4LCJzY29wZSI6WyJvcGVuaWQiLCJtb3RyIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbInB3ZCJdfQ.V0D_5BxCvv_LVufBrKq-yrckIQpbh4TWdwH9TwFZK6B3OXLUrLK8ONOM5irIFgmx3_dSQnKSgsWqxc_L8OInqfdTw2i3eqBPU1q2PRUAPh7uvQiLR_2a7iib3YVrtAmOka9sOz5ajsnqrC4z4-l-9ah9zyvT2yF-16bXEMlZALLSpo__Hmm0YwtcDAX1EP3y__ja6VjiSB6aJxzU0FGsoJlENznRv0voWU--Uqfx6DnrgkZZLvLN5OopRDHPYjKDHVgSvpw_vo47DMxz571fGcOB-wc9n47gY5GJtRhEJdog2wBL-j0rdCKYNskDmd9dzeGmb_2PnBLZTzwvoBThbw grant_type: Impersonation Client_Id: xxxx_App Client_Secret: null TenantId: xxx-xxx-x-xx--x UserId: exxxxe5f-e668-3be9-f01d-3a0b8341fxxx

4 Answer(s)

0

liangshiwei created one year ago
Support Team Fullstack Developer

Reponse:"error": "invalid_request"

Could you share the full error logs? thanks.
0

bhasinp created one year ago

Hi Thanks for reply

Here are the logs.

https://drive.google.com/file/d/14iT1yi5WXJBtT6OfSlyJmsYsWbh8OvVK/view?usp=drive_link

Thanks

liangshiwei created one year ago

Support Team Fullstack Developer

System.ArgumentNullException: Value cannot be null. (Parameter 'value')
   at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
   at System.Security.Claims.Claim..ctor(String type, String value)
   at Volo.Abp.Account.Web.ExtensionGrantValidators.ImpersonationExtensionGrantValidator.ImpersonateUserAsync(ExtensionGrantValidationContext context, Nullable`1 tenantId, Guid userId) in D:\Teams\Work\Initto\mot-r-V2\aspnet-core\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Public.Web.IdentityServer\ExtensionGrantValidators\ImpersonationExtensionGrantValidator.cs:line 242
   at Volo.Abp.Account.Web.ExtensionGrantValidators.ImpersonationExtensionGrantValidator.ValidateAsync(ExtensionGrantValidationContext context) in D:\Teams\Work\Initto\mot-r-V2\aspnet-core\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Public.Web.IdentityServer\ExtensionGrantValidators\ImpersonationExtensionGrantValidator.cs:line 124
   at IdentityServer4.Validation.ExtensionGrantValidator.ValidateAsync(ValidatedTokenRequest request)

Abp is trying to add the current tenant's name to the claims, but the tenant's name is null. Can you check this tenant?

0

bhasinp created one year ago

Hi Team,

Thanks, this resolved my issue.

Have an answer to this question? Log in and write your answer.