- ABP Framework version: 8.0.0
- UI Type: MVC
- Database System: EF Core PostgreSQL
- Tiered (for MVC) or Auth Server Separated (for Angular): no
- Exception message and full stack trace:
- Steps to reproduce the issue:
I want to call the tenant create API (/api/saas/tenants - POST method) from Postman or from another environment, but it returns 401 Unauthorized.
11 Answer(s)
-
hi
You have to get an access_token before requesting an API that needs authentication.
-
How do I get an access_token, and how can I use it in Postman or another environment?
-
hi
You can make a POST request to your OAuth2/auth server to get an access_token with a username and password.
https://github.com/abpframework/abp/blob/dev/modules/openiddict/app/OpenIddict.Demo.Client.Console/Program.cs#L6-L42 https://www.oauth.com/oauth2-servers/access-tokens/password-grant/
-
I am getting an error while executing the function below:
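/// <summary>
/// Loads the discovery document of <c>server</c> and requests tokens from its token
/// endpoint using the OAuth 2.0 resource owner password grant.
/// </summary>
/// <returns>The token response when the request succeeded.</returns>
/// <exception cref="InvalidOperationException">
/// Discovery failed, or the token endpoint answered with an error.
/// </exception>
private static async Task<TokenResponse> GetTokensFromSglBaseProjecApi()
{
    var authority = server;

    // NOTE(review): a DiscoveryCache created per call caches nothing between calls;
    // keep one instance in a static field if this method is called repeatedly.
    var discoveryCache = new DiscoveryCache(authority);
    var disco = await discoveryCache.GetAsync();
    if (disco.IsError)
    {
        // Without this check a failed discovery reaches the token request with no
        // token endpoint address and fails there with a less useful error.
        throw new InvalidOperationException($"Discovery failed for {authority}: {disco.Error}");
    }

    // NOTE(review): the client secret and the admin password below are literals in
    // source. Read them from configuration or a secret store, and do not run a
    // deployed environment with these sample values.
    // NOTE(review): the client must be registered with the password grant or the
    // server answers "unauthorized_client". Current OAuth 2.0 security guidance
    // discourages this grant, so prefer a dedicated client over widening the web client.
    using var httpClient = new HttpClient();
    var response = await httpClient.RequestPasswordTokenAsync(new PasswordTokenRequest
    {
        Address = disco.TokenEndpoint,
        ClientId = "SglBaseProject_Web",
        ClientSecret = "1q2w3e*",
        UserName = "admin",
        Password = "1q2w3E*",
        Scope = "openid offline_access email profile phone roles address SglBaseProject",
    });

    if (response.IsError)
    {
        // Error alone is only the short error code; the description carries the reason.
        throw new InvalidOperationException(
            $"Token request failed ({response.ErrorType}): {response.Error} {response.ErrorDescription}");
    }

    return response;
}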
Error:
ValueKind = Object : "{ "error": "unauthorized_client", "error_description": "This client application is not allowed to use the specified grant type.", "error_uri": "https://documentation.openiddict.com/errors/ID2064" }"
-
hi
Can you share the code that creates the `SglBaseProject_Web` client? The client needs the `OpenIddictConstants.GrantTypes.Password` grant type.
https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs#L122-L125
-
using Microsoft.AspNetCore.Mvc.RazorPages; using IdentityModel.Client; using System.Net.Http; using System; using System.Threading.Tasks;
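namespace SglBaseProject.Web.Pages
{
    /// <summary>
    /// Razor page model that calls the tenant API of <c>server</c> with a bearer token
    /// obtained through the OAuth 2.0 resource owner password grant.
    /// </summary>
    public class PortalModel : PageModel
    {
        const string server = "https://localhost:44363/";

        /// <summary>
        /// Handles GET requests: obtains an authenticated client and reads the tenant list.
        /// </summary>
        /// <remarks>
        /// Returns <see cref="Task"/> instead of <c>void</c> so that Razor Pages awaits the
        /// handler. With <c>async void</c> the page is rendered before the call completes and
        /// an exception from <c>EnsureSuccessStatusCode</c> cannot be observed by the framework.
        /// </remarks>
        public async Task OnGet()
        {
            const bool setBearerToken = true;

            var httpService = new HttpService();
            var httpClient = await httpService.GetHttpClientAsync(setBearerToken);

            using var response = await httpClient.Value.GetAsync(server + "api/saas/tenants");
            response.EnsureSuccessStatusCode();

            // The payload is read but not used yet.
            var json = await response.Content.ReadAsStringAsync();
        }

        /// <summary>
        /// Builds HTTP clients for the API at <c>server</c> and obtains access tokens for them.
        /// </summary>
        public class HttpService
        {
            // One discovery cache and one client for token requests, shared by all calls,
            // so the discovery document is actually cached and connections are reused.
            private static readonly DiscoveryCache SharedDiscoveryCache = new DiscoveryCache(server);
            private static readonly HttpClient TokenHttpClient = new HttpClient();

            /// <summary>
            /// Creates an <see cref="HttpClient"/> whose base address is <c>server</c>.
            /// </summary>
            /// <param name="setBearerToken">
            /// When <c>true</c>, an access token is requested and set as the bearer token.
            /// No token is requested otherwise.
            /// </param>
            /// <returns>The configured client; the caller is responsible for its lifetime.</returns>
            public async Task<Lazy<HttpClient>> GetHttpClientAsync(bool setBearerToken)
            {
                var client = new Lazy<HttpClient>(() => new HttpClient());

                if (setBearerToken)
                {
                    var accessToken = await GetAccessToken();
                    client.Value.SetBearerToken(accessToken);
                }

                client.Value.BaseAddress = new Uri(server);

                // Every path has to return the client; the method does not compile otherwise.
                return client;
            }

            /// <summary>
            /// Requests tokens from the token endpoint listed in the discovery document.
            /// </summary>
            /// <returns>The token response when the request succeeded.</returns>
            /// <exception cref="InvalidOperationException">
            /// Discovery failed, or the token endpoint answered with an error.
            /// </exception>
            private static async Task<TokenResponse> GetTokensFromSglBaseProjectApi()
            {
                var disco = await SharedDiscoveryCache.GetAsync();
                if (disco.IsError)
                {
                    // Fail here rather than sending a token request without an endpoint address.
                    throw new InvalidOperationException($"Discovery failed for {server}: {disco.Error}");
                }

                // NOTE(review): the client secret and the admin password below are literals in
                // source. Read them from configuration or a secret store, and do not run a
                // deployed environment with these sample values.
                // NOTE(review): the client must be registered with the password grant or the
                // server answers "unauthorized_client". Current OAuth 2.0 security guidance
                // discourages this grant, so prefer a dedicated client over widening the web client.
                var response = await TokenHttpClient.RequestPasswordTokenAsync(new PasswordTokenRequest
                {
                    Address = disco.TokenEndpoint,
                    ClientId = "SglBaseProject_Web",
                    ClientSecret = "1q2w3e*",
                    UserName = "admin",
                    Password = "1q2w3E*",
                    Scope = "openid offline_access email profile phone roles address SglBaseProject",
                });

                if (response.IsError)
                {
                    // Error alone is only the short error code; the description carries the reason.
                    throw new InvalidOperationException(
                        $"Token request failed ({response.ErrorType}): {response.Error} {response.ErrorDescription}");
                }

                return response;
            }

            /// <summary>Returns the access token of a fresh token response.</summary>
            private async Task<string> GetAccessToken()
            {
                var tokens = await GetTokensFromSglBaseProjectApi();
                return tokens.AccessToken;
            }
        }
    }
}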
-
// Web client: registered only when a client id is configured.
var webClientId = configurationSection["SglBaseProject_Web:ClientId"];
if (!webClientId.IsNullOrWhiteSpace())
{
    var rootUrl = configurationSection["SglBaseProject_Web:RootUrl"]!.EnsureEndsWith('/');

    // NOTE(review): when no ClientSecret is configured the literal below becomes the
    // secret of a confidential client. Set the value in configuration for every
    // environment other than local development.
    var webClientSecret = configurationSection["SglBaseProject_Web:ClientSecret"] ?? "1q2w3e*";

    // Hybrid flow. The password grant is not in this list, so a password token
    // request made with this client id is rejected as "unauthorized_client".
    var webClientGrantTypes = new List<string>
    {
        OpenIddictConstants.GrantTypes.AuthorizationCode,
        OpenIddictConstants.GrantTypes.Implicit
    };

    /* The SglBaseProject_Web client is only needed for a tiered solution;
     * it can be deleted otherwise. */
    await CreateApplicationAsync(
        name: webClientId!,
        type: OpenIddictConstants.ClientTypes.Confidential,
        consentType: OpenIddictConstants.ConsentTypes.Implicit,
        displayName: "Web Application",
        secret: webClientSecret,
        grantTypes: webClientGrantTypes,
        scopes: commonScopes,
        redirectUri: $"{rootUrl}signin-oidc",
        postLogoutRedirectUri: $"{rootUrl}signout-callback-oidc",
        clientUri: rootUrl,
        logoUri: "/images/clients/aspnetcore.svg"
    );
}
-
hi
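Try adding `OpenIddictConstants.GrantTypes.Password` to `grantTypes`. Keep in mind that current OAuth 2.0 security guidance discourages the password grant, so enable it only on a client that really needs it.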
grantTypes: new List<string> //Hybrid flow { OpenIddictConstants.GrantTypes.AuthorizationCode, OpenIddictConstants.GrantTypes.Implicit, OpenIddictConstants.GrantTypes.Password },
-
Hi, can you help me find a solution to the error below?
{StatusCode: 500, ReasonPhrase: 'Internal Server Error', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers: { Transfer-Encoding: chunked Server: Microsoft-IIS/10.0 X-Correlation-Id: eb76d290abe3420bb8465a61c5baf67a X-SourceFiles: =?UTF-8?B?RDpcQ29yZU1vZHVsZXNcQmFzZVByb2plY3RcVjhcU2dsQmFzZVByb2plY3Rcc3JjXFNnbEJhc2VQcm9qZWN0LldlYlxjb25uZWN0XHRva2Vu?= Date: Fri, 17 May 2024 11:18:49 GMT Content-Type: text/plain; charset=utf-8 }}
Here is the code:
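// NOTE(review): the client secret and the admin password below are literals in source.
// Read them from configuration or a secret store, and do not run a deployed
// environment with these sample values.
var response = await httpClient.Value.RequestPasswordTokenAsync(new PasswordTokenRequest
{
    Address = disco.TokenEndpoint,
    ClientId = "SglBaseProject_Web",
    ClientSecret = "1q2w3e*",
    UserName = "admin",
    Password = "1q2w3E*",
    Scope = "openid offline_access email profile phone roles address SglBaseProject",
});

if (response.IsError)
{
    // Error alone is only a short code or reason phrase. The error type shows whether
    // the failure came from the protocol, the HTTP layer or an exception, and the
    // description carries the server's reason when it sent one.
    throw new InvalidOperationException(
        $"Token request failed ({response.ErrorType}): {response.Error} {response.ErrorDescription}");
}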
-
hi
StatusCode: 500,
Please check the logs of the Auth Server project; the 500 response itself does not say what failed.