Starts in:
0 DAY
2 HRS
9 MIN
28 SEC
Starts in:
0 D
2 H
9 M
28 S
Open Closed

Authorisation for users from external identity providers - what to do? #7046


User avatar
0
auxo-devsu created
  • ABP Framework version: v8.1.0
  • UI Type: MVC
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): tiered
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

Hi,

I'm replacing ABP's AuthServer with Auth0. I can authenticate users on Auth0, but that's the easiest part. To make things easier, I'm tackling one problem at a time. Please, note that I have looked at the docs and I didn't find anything pointing me in the right direction.

**I want to log into Admin Web Portal using my Auth0 user **

I have successfully configured the authentication to switch from Auth0 to Auth Server - both can authenticate, but only Auth Server authorises users.

**My questions are: **

  1. How do I let the authenticated user see the links and menus post-authentication?
  2. How do I ensure that ICurrentTenant has the correct tenant post-login?
  3. How do I ensure that CurrentUser.IsAuthenticated gets updated correctly? I can see that HttpContext.User.IsAuthenticated is equals true, but CurrentUser.IsAuthenticated is always false.

Thanks in advance.


6 Answer(s)
  • User Avatar
    0
    auxo-devsu created

    I spent the day looking into this, but unfortunately, as we are ABP Commercial customers, I can't see what IdentityPro registers. I would like to know which services to rewrite, which claims my users have to have, and how to ensure that tenant information and the current user are populated correctly.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Replacing ABP's AuthServer with Auth0.

    This could break a lot of built-in functionality, and I'm not sure it's feasible.

    How do I let the authenticated user see the links and menus post-authentication?

    Make sure the ICurrentTenant and ICurrentUser have correct values.

    How do I ensure that ICurrentTenant has the correct tenant post-login?

    The ICurrentTenant changed from MultiTenancyMiddleware

    https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore.MultiTenancy/Volo/Abp/AspNetCore/MultiTenancy/MultiTenancyMiddleware.cs#L61

    How do I ensure that CurrentUser.IsAuthenticated gets updated correctly? I can see that HttpContext.User.IsAuthenticated is equals true, but CurrentUser.IsAuthenticated is always false.

    Make sure ICurrentUser gets the correct claim type.

    https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Security/Volo/Abp/Users/CurrentUser.cs#L14 https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Security/System/Security/Principal/AbpClaimsIdentityExtensions.cs#L35

    You can change the AbpClaimTypes values.

    eg:

    AbpClaimTypes.UserName = JwtClaimTypes.PreferredUserName;
    AbpClaimTypes.Name = JwtClaimTypes.GivenName;
    AbpClaimTypes.SurName = JwtClaimTypes.FamilyName;
    AbpClaimTypes.UserId = JwtClaimTypes.Subject;
    AbpClaimTypes.Role = JwtClaimTypes.Role;
    AbpClaimTypes.Email = JwtClaimTypes.Email;
    
  • User Avatar
    0
    auxo-devsu created

    Thank you, this was helpful!

    A couple of additional questions on top of what I sent before:

    1. This could break a lot of built-in functionality, and I'm not sure it's feasible. Could you please expand on what you think would break and why?
    2. I am creating my own implementation of ICurrentUser and that seems to be the right direction in terms of passing the correct ID to ABP. How does ABP handle the claims received by Auth Server? Does ABP have anything in between the Auth Server and how claims get populated within the ClaimsPrincipal?

    Thanks.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    1. I think the changes are too big, so there maybe some breaking. You can try it step by step.

    2. abp will use HttpContext.User(ClaimsPrincipal) to populate the ICurrentUser

  • User Avatar
    0
    auxo-devsu created

    Could you please share with me the code reference so I know where ABP populates ICurrentUser? I'm a commercial customer, but I'm happy with a reference to the open-source version, too.

    Thanks, Osmar

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    ICurrentUser claims getting from:

    https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.Security/Volo/Abp/Users/CurrentUser.cs#L16

    https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Security/Claims/HttpContextCurrentPrincipalAccessor.cs#L18

Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06