Ends in:
7 DAYS
20 HRS
23 MIN
36 SEC
Ends in:
7 D
20 H
23 M
36 S
Open Closed

Migrating data from IdentityServer to OpenIddic #7483

User avatar
0
nhontran created
  • ABP Framework version: v5.2.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

We are migrating our auth server from IdentityServer to OpenIdDict. While we have reviewed the migration guide, we have not found any documentation on how to migrate the data from IdentityServer tables to OpenIdDict tables. Could you provide guidance on this process?

Go to accepted answer
7 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can refer to OpenIddictDataSeedContributor class.

    https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs

    https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.DbMigrator/appsettings.json#L10-L48

    How many clients do you have?

  • User Avatar
    0
    nhontran created

    Hi @maliming, I have checked the OpenIddictDataSeedContributor, but there are some features that available in IdentityServer but missing in OpenIdDict.

    With IdentityServer, we can create the Api Resources and Identity Resource using the following screens:

    <br> And then we can configure the Api Resource & Identity Resources for a Client:

    How can we achieve these features with OpenIdDict?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    There are only Scope and Application that you need to pay attention to in OpenIddict.

    https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs#L55-L56

    For claims management, you can check https://docs.abp.io/en/abp/latest/Modules/OpenIddict#updating-claims-in-access_token-and-id_token

    Add your claim types to id/access token from AbpOpenIddictClaimsPrincipalHandlerContext's Principal.

    What are grantTypes of your client?

  • User Avatar
    0
    nhontran created

    Hi @maliming, does it mean there is no UI to configure it and we need to manage the claims in code?

    we are using "client_credentials" & "authorization_code" grant types.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Yes, there is no UI to configure the claims. You have to change it by code.

    You can add an IAbpOpenIddictClaimsPrincipalHandler to see if your oauth2 request works.

    If you get an error, please share the logs. I will check it.

    Thanks.

  • User Avatar
    0
    nhontran created

    ok, I will try and update the result here.

    This seems like a drawback for us. Is there any plan to make this configurable through the UI?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I will investigate this. Thank you

    The design of Openiddict and identity server are different, so this may not be possible.

Assignee
User avatar maliming
Labels
None yet
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06