Open Closed

Auto Login after passwordless #7693


User avatar
0
raymondbu95 created
  • ABP Framework version: v8.0.1
  • UI Type: Angular
  • Database System: MySQL&MongoDB
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

We had an MVC AuthServer and a seperate web in Angular. Is there any possible that after calling an api, and we do a passwordless login, able to set the local storage just like this?

Attached with previous question regarding passwordless login


15 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    As a clarification, have you already obtained the token via the new grant type in angular?

  • User Avatar
    0
    raymondbu95 created

    calling with api yes. only get the access_token

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    If you want to get the refresh_token at the same time, you can try to add an offline_access scope.

  • User Avatar
    0
    raymondbu95 created

    i mean, anyway that able to set to the local storage by calling the connect/token api with custom grant type?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can use Ajax, call the token endpoint to get the tokens, and then you can store them to local storage.

  • User Avatar
    0
    raymondbu95 created

    what is needed for all these?

    i only able to get these information from the access token. what am i missing?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    These are obtained by code flow. You are using a custom grant type.

    You already have the access_token. You can call api to get any info.

  • User Avatar
    0
    raymondbu95 created

    Hi, yup i noticed i used a custom grant type, however if i want it to be same as code flow by using this custom grant type with passwordless, is it able to do it?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You already did it. You have the access_token, which means you have logged in.

  • User Avatar
    0
    raymondbu95 created

    but the granted scope and refresh token? how do i get those

  • User Avatar
    0
    raymondbu95 created

    should have all these in access token, lack of aud & scope

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share the code of your grant type.

  • User Avatar
    0
    raymondbu95 created
    public class CustomTokenExtension : AbpOpenIdDictControllerBase, ITokenExtensionGrant 
    {
    public const string ExtensionGrantName = "auto_token";
    
    public string Name => ExtensionGrantName;
    public async Task<IActionResult> HandleAsync(ExtensionGrantContext context)
    {
        var signInManager = context.HttpContext.RequestServices.GetRequiredService<AbpSignInManager>();
        // var principal = (await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme)).Principal;
        // principal = await AbpClaimsPrincipalFactory.CreateDynamicAsync(principal);
        var uid = context.Request.GetParameter("u").ToString();
    
        if (string.IsNullOrEmpty(uid))
        {
            return new ForbidResult(
                new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
                properties: new AuthenticationProperties(new Dictionary<string, string>
                {
                    [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidRequest
                }!));
        }
    
        if (!Guid.TryParse(uid, out var userId))
        {
            return new ForbidResult(
                                new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
                                properties: new AuthenticationProperties(new Dictionary<string, string>
                                {
                                    [OpenIddictServerAspNetCoreConstants.Properties.Error] = OpenIddictConstants.Errors.InvalidRequest
                                }!));
        }
    
        // var userId = principal.FindUserId();
        var userManager = context.HttpContext.RequestServices.GetRequiredService<IdentityUserManager>();
        var user = await userManager.GetByIdAsync(userId);
        var userClaimsPrincipalFactory = context.HttpContext.RequestServices.GetRequiredService<IUserClaimsPrincipalFactory<Volo.Abp.Identity.IdentityUser>>();
        var principal = await signInManager.CreateUserPrincipalAsync(user);
        await signInManager.SignInAsync(user, isPersistent: false);
    
        //For abp version >= 7.3
        await context.HttpContext.RequestServices.GetRequiredService<AbpOpenIddictClaimsPrincipalManager>().HandleAsync(context.Request, principal);
    
        return new Microsoft.AspNetCore.Mvc.SignInResult(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme, principal);
    }
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Try to set the scope to your principal.

    principal.SetScopes(your scopes array);
    principal.SetResources(await GetResourcesAsync(context, principal.GetScopes()));
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Which object is null? Is it CurrentTenant? If so you can get service from HttpContext.

    var CurrentTenant =  context.HttpContext.RequestServices.GetRequiredService<ICurrentTenant>()
    
Made with ❤️ on ABP v9.1.0-preview. Updated on November 11, 2024, 11:11