Open Closed

Error after adding scopes to OIDC after certain count #5449


User avatar
0
viswajwalith created
  • ABP Framework version: v5.1.3
  • UI type: MVC
  • DB provider: EF Core / MongoDB
  • Tiered (MVC) or Auth Server Separated (Angular): yes
  • Exception message and stack trace:
2023-07-22 07:12:09.728 +05:30 [ERR] scopes too long.
{"ClientId":"AppV3_Web","ClientName":"AppV3_Web","RedirectUri":"https://localhost:44321/signin-oidc","AllowedRedirectUris":["https://{0}.testsite.com/signin-oidc","https://{0}.localhost:44321/signin-oidc","https://testsitewebapp.azurewebsites.net/signin-oidc","https://localhost:44321/signin-oidc"],"SubjectId":"anonymous","ResponseType":"code id_token","ResponseMode":"form_post","GrantType":"hybrid","RequestedScopes":"","State":"CfDJ8FRhYrLUrBdPg2ipof6Ze141-m_C9hm-bhDu6hDNPXGK5T_WjNbAyxLhVFpOIFgSjTCNYYYcENYzyWm0aT4G_0SS_EfgdEO7EK9yqxhoHx8Z--fuxMFUmB9I07BG9mhXb4-KHVKfvGFN7I0TrkLHJCgid-RRd_xwriXqI4k5QWLSc3lzytcNjujmjU9VsNtsvwu40Klueh_5WXWwmXnWsrkuVMTDLmybdm3SRDgqAlzEUD6q-AKv_-EryW8VREewclQNkwM6CFSDzyOKw7aWolXlFzDrCZpDDoy_ZJZIkKf26al72l__tMQkUhXDkwDhWoCZpaI3EmvImjP4UoP6Uwc","UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"LOGINUSING":"","client_id":"AppV3_Web","redirect_uri":"https://localhost:44321/signin-oidc","response_type":"code id_token","scope":"openid profile role email phone phone2 AuthServer IdentityService AdministrationService SaasService Test1Service Test2Service Test3Service Test4Service Test5Service Test6Service Test7Service Test8Service Test9Service Test10Service Forms FileManagement Test11Service Test12Service Te13PTWService","response_mode":"form_post","nonce":"638255869292291791.ZDk5M2NiMGUtNTIzOC00NDFiLWEwOTAtNjUwNTM2Y2JkMGZkNDg3NjM0NDEtM2ZkOC00ZDNkLWJhNTMtYzJlNDY5MTU1OGM0","state":"CfDJ8FRhYrLUrBdPg2ipof6Ze141-m_C9hm-bhDu6hDNPXGK5T_WjNbAyxLhVFpOIFgSjTCNYYYcENYzyWm0aT4G_0SS_EfgdEO7EK9yqxhoHx8Z--fuxMFUmB9I07BG9mhXb4-KHVKfvGFN7I0TrkLHJCgid-RRd_xwriXqI4k5QWLSc3lzytcNjujmjU9VsNtsvwu40Klueh_5WXWwmXnWsrkuVMTDLmybdm3SRDgqAlzEUD6q-AKv_-EryW8VREewclQNkwM6CFSDzyOKw7aWolXlFzDrCZpDDoy_ZJZIkKf26al72l__tMQkUhXDkwDhWoCZpaI3EmvImjP4UoP6Uwc","x-client-SKU":"ID_NET6_0","x-client-ver":"6.21.0.0"},"$type":"AuthorizeRequestValidationLog"}
2023-07-22 07:12:09.729 +05:30 [ERR] Request validation failed
2023-07-22 07:12:09.729 +05:30 [INF] {"ClientId":"AppV3_Web","ClientName":"AppV3_Web","RedirectUri":"https://localhost:44321/signin-oidc","AllowedRedirectUris":["https://{0}.demoehswatch.com/signin-oidc","https://{0}.localhost:44321/signin-oidc","https://testsitewebapp.azurewebsites.net/signin-oidc","https://localhost:44321/signin-oidc"],"SubjectId":"anonymous","ResponseType":"code id_token","ResponseMode":"form_post","GrantType":"hybrid","RequestedScopes":"","State":"CfDJ8FRhYrLUrBdPg2ipof6Ze141-m_C9hm-bhDu6hDNPXGK5T_WjNbAyxLhVFpOIFgSjTCNYYYcENYzyWm0aT4G_0SS_EfgdEO7EK9yqxhoHx8Z--fuxMFUmB9I07BG9mhXb4-KHVKfvGFN7I0TrkLHJCgid-RRd_xwriXqI4k5QWLSc3lzytcNjujmjU9VsNtsvwu40Klueh_5WXWwmXnWsrkuVMTDLmybdm3SRDgqAlzEUD6q-AKv_-EryW8VREewclQNkwM6CFSDzyOKw7aWolXlFzDrCZpDDoy_ZJZIkKf26al72l__tMQkUhXDkwDhWoCZpaI3EmvImjP4UoP6Uwc","UiLocales":null,"Nonce":null,"AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":"","MaxAge":null,"LoginHint":null,"SessionId":null,"Raw":{"LOGINUSING":"","client_id":"AppV3_Web","redirect_uri":"https://localhost:44321/signin-oidc","response_type":"code id_token","scope":"openid profile role email phone phone2 AuthServer IdentityService AdministrationService SaasService Test1Service Test2Service Test3Service Test4Service Test5Service Test6Service Test7Service Test8Service Test9Service Test10Service Forms FileManagement Test11Service Test12Service Te13PTWService","response_mode":"form_post","nonce":"638255869292291791.ZDk5M2NiMGUtNTIzOC00NDFiLWEwOTAtNjUwNTM2Y2JkMGZkNDg3NjM0NDEtM2ZkOC00ZDNkLWJhNTMtYzJlNDY5MTU1OGM0","state":"CfDJ8FRhYrLUrBdPg2ipof6Ze141-m_C9hm-bhDu6hDNPXGK5T_WjNbAyxLhVFpOIFgSjTCNYYYcENYzyWm0aT4G_0SS_EfgdEO7EK9yqxhoHx8Z--fuxMFUmB9I07BG9mhXb4-KHVKfvGFN7I0TrkLHJCgid-RRd_xwriXqI4k5QWLSc3lzytcNjujmjU9VsNtsvwu40Klueh_5WXWwmXnWsrkuVMTDLmybdm3SRDgqAlzEUD6q-AKv_-EryW8VREewclQNkwM6CFSDzyOKw7aWolXlFzDrCZpDDoy_ZJZIkKf26al72l__tMQkUhXDkwDhWoCZpaI3EmvImjP4UoP6Uwc","x-client-SKU":"ID_NET6_0","x-client-ver":"6.21.0.0"},"$type":"AuthorizeRequestValidationLog"}
2023-07-22 07:12:09.731 +05:30 [INF] {"ClientId":"AppV3_Web","ClientName":"AppV3_Web","RedirectUri":"https://localhost:44321/signin-oidc","Endpoint":"Authorize","SubjectId":null,"Scopes":"","GrantType":"hybrid","Error":"invalid_request","ErrorDescription":"Invalid scope","Category":"Token","Name":"Token Issued Failure","EventType":"Failure","Id":2001,"Message":null,"ActivityId":"0HMS9T4RN05FV:00000001","TimeStamp":"2023-07-22T01:42:09.0000000Z","ProcessId":11196,"LocalIpAddress":"::1:44322","RemoteIpAddress":"::1","$type":"TokenIssuedFailureEvent"}
  • Steps to reproduce the issue:" Just add scopes to the OIDC provider (add scopes around 20+)

When we are adding more scopes to OIDC (due to the number of Micro services we are having), after reaching around 20 scopes getting the scopes tooo long error.

What is the process to increase the length or modify the code to add all service scopes as a single scope


5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can try this:

    Configure<IdentityServerOptions>(builder =>
    {
        builder.InputLengthRestrictions.Scope = 1000000;
    });
    

    https://identityserver4.readthedocs.io/en/latest/reference/options.html#inputlengthrestrictions

  • User Avatar
    0
    viswajwalith created

    1000000

    Thanks for the input but unfortunately it didn't worked. I tried adding in both Web UI Layer & Auth server but no luck.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    It shouldn't get the error again

  • User Avatar
    0
    viswajwalith created

    hi

    It shouldn't get the error again

    Technically yes we should not get that error after updating the limit but we are getting. can you point to the relevant file to check the length it is coming

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can inject the IdentityServerOptions and IOptions<IdentityServerOptions> to check its values.

Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11