Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.
If you're creating a bug/problem report, please include the following:
- ABP Framework version: v7.3.1
- UI type: Blazor
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): no
- Exception message and stack trace:
- Steps to reproduce the issue:
I would like to use SSO with a single tier Blazor Server ABP solution. I have a separate site that I would like to have sign in using OpenIddict, then callback with a JWT to an endpoint on that site. So similar to how the Public websites work in ABP, but not necessarily using .NET.
I can see that the Public website in my dev environment calls the following URL to auth then redirect:
https://localhost:44396/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DABP73Public_Web_Public%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%3A7136%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520ABP73Public%26response_mode%3Dform_post%26nonce%3D638261167785072016.ZDg1NjgyZWUtZTAwNi00OGI4LTk0OTktNTZiNzVhOWIxOGFhMzk3YWM5N2UtODAwZC00YTc5LWI1MDMtNTA3OGNlNDk0MTEw%26state%3DCfDJ8MMdCuDzYEhJvMFQjtHhQGyHQ7Qq5BRX2jGkRv3Pti2RLsO3Zc0hq9QnyTqRr02P1_4NXt931DyfZ7gzkMJRP7UBUQNETvBJcwNqV3g2YbD2aOWRwEnF-gzhcrwrubi6mhAbGxqd6ZcTgmD9ndYyqCU2tW_ekfuuYY1cxmxMeeDF9CauhfMREVk0tCHTPcovRb8foC_mvAqRIvB-FSNjf-MLqwbtHeOltgqXecSXXH9K9gHrkWIe-dP2lQaq3pbrBqvU6BPCC8hd4Czj034Css0dT7AedrLKTmcde7Y47OdO%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0
This is generated by the ChallengeAccountController in the Public website. How can I best handle this outside of a .NET environment? Are there any other considerations that I am missing here?
Note: I did change the redirect_uri in this example to https://jwt.ms, and configured things (I think) correctly, but on the redirect I didn't get a JWT. I am expecting this to work similar to how Azure B2C works, if you are familiar with that workflow. If I am missing something please let me know.
Thanks,
Karim
7 Answer(s)
-
0
hi
You can add OpenIdConnect and Cookies authentication schemes to your separate site. Then everything will work as in the Public website:

context.Services.AddAuthentication(options =>
{
    // Sign-in state lives in the cookie; an unauthenticated request is challenged via OIDC
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies", options =>
{
    options.ExpireTimeSpan = TimeSpan.FromDays(365);
    options.CheckTokenExpiration();
})
.AddAbpOpenIdConnect("oidc", options =>
{
    options.Authority = configuration["AuthServer:Authority"];
    options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
    // Hybrid flow (code + id_token), same as the Public website
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    options.ClientId = configuration["AuthServer:ClientId"];
    options.ClientSecret = configuration["AuthServer:ClientSecret"];
    options.UsePkce = true;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("roles");
    options.Scope.Add("email");
    options.Scope.Add("phone");
    options.Scope.Add("MyProjectName");
});
-
0
Hi,
The question is based around handling this outside of a .NET environment.
How can I best handle this outside of a .NET environment?
So for example, I have a simple single page site, www.mysite.com with a LOGIN button on the homepage. I need to be able to generate the fully formed URL to the Auth server (ABP OpenIddict) that contains the redirectUri to then call back to www.mysite.com/callback so that I can access a JWT.
So I need a way to generate this URL ( as noted in the original question ):
https://localhost:44396/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DABP73Public_Web_Public%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%3A7136%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520ABP73Public%26response_mode%3Dform_post%26nonce%3D638261167785072016.ZDg1NjgyZWUtZTAwNi00OGI4LTk0OTktNTZiNzVhOWIxOGFhMzk3YWM5N2UtODAwZC00YTc5LWI1MDMtNTA3OGNlNDk0MTEw%26state%3DCfDJ8MMdCuDzYEhJvMFQjtHhQGyHQ7Qq5BRX2jGkRv3Pti2RLsO3Zc0hq9QnyTqRr02P1_4NXt931DyfZ7gzkMJRP7UBUQNETvBJcwNqV3g2YbD2aOWRwEnF-gzhcrwrubi6mhAbGxqd6ZcTgmD9ndYyqCU2tW_ekfuuYY1cxmxMeeDF9CauhfMREVk0tCHTPcovRb8foC_mvAqRIvB-FSNjf-MLqwbtHeOltgqXecSXXH9K9gHrkWIe-dP2lQaq3pbrBqvU6BPCC8hd4Czj034Css0dT7AedrLKTmcde7Y47OdO%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.21.0.0
Thanks,
Karim
-
0
hi
outside of a .NET environment?
What kind of application?
HTML + Javascript? PHP? Java?
Using the oauth2 class library would be best instead of processing it manually. This process is more complicated.
-
0
HTML + Javascript for now, but I want to be able to have any 3rd party site / app that we have authenticate using ABP auth.
So if you could explain how best to generate that URL and if there are any particular considerations I need to be aware of given the ABP implementation that would be great.
-
0
hi
You can use the javascript library like https://github.com/IdentityModel/oidc-client-js/wiki
So if you could explain how best to generate that URL and if there are any particular considerations I need to be aware of given the ABP implementation that would be great.
Abp uses standard oauth flow. https://auth0.com/docs/get-started/authentication-and-authorization-flow/authorization-code-flow
-
0
hi
You can add OpenIdConnect and Cookies authentication schemes to your separate site. Then everything will work as in the Public website:

context.Services.AddAuthentication(options =>
{
    // Sign-in state lives in the cookie; an unauthenticated request is challenged via OIDC
    options.DefaultScheme = "Cookies";
    options.DefaultChallengeScheme = "oidc";
})
.AddCookie("Cookies", options =>
{
    options.ExpireTimeSpan = TimeSpan.FromDays(365);
    options.CheckTokenExpiration();
})
.AddAbpOpenIdConnect("oidc", options =>
{
    options.Authority = configuration["AuthServer:Authority"];
    options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
    // Hybrid flow (code + id_token), same as the Public website
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    options.ClientId = configuration["AuthServer:ClientId"];
    options.ClientSecret = configuration["AuthServer:ClientSecret"];
    options.UsePkce = true;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("roles");
    options.Scope.Add("email");
    options.Scope.Add("phone");
    options.Scope.Add("MyProjectName");
});

OK then, to keep things clear, let's go back to this scenario with a separate .NET application. What code do I need to call / use in order to generate the correct URL as mentioned in the initial question?
-
0
You can call Challenge to initiate the OIDC flow:

[HttpGet]
public virtual async Task<ActionResult> Challenge(string returnUrl = "")
{
    // Challenging the "oidc" scheme builds the /connect/authorize URL and redirects the browser to it
    return Challenge(new AuthenticationProperties { RedirectUri = returnUrl }, "oidc");
}

https://learn.microsoft.com/en-us/dotnet/api/microsoft.aspnetcore.mvc.controllerbase.challenge?view=aspnetcore-7.0