Open Closed

Impersonation grant type not seeded to the angular application in OpenIddictApplications #7825


User avatar
0
william@iwell.nl created
  • ABP Framework version: v8.2.2
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): no
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

We have enabled the impersonation, however the impersonation grant type is not seeded to the database. We added "Impersonation" to the grantTypes, as described in the documentation (https://abp.io/docs/latest/modules/account/impersonation#angular). When creating a new database, the Console Test / Angular Application is added to the table OpenIddictApplications.

However, the OpenIddictApplications row Portal_App and column Permissions is missing the 'gt:Impersonation' field. This results in the error message This client application is not allowed to use the specified grant type.. We can fix this by manually adding the gt:Impersonation, as described in this issue.

We would like this to be seeded, so new databases don't require this manual step.

What are we missing?

Content of OpenIddictApplications row Portal_App and column Permissions after seeding. [ "ept:logout", "gt:authorization_code", "rst:code", "ept:authorization", "ept:token", "ept:revocation", "ept:introspection", "gt:password", "gt:client_credentials", "gt:refresh_token", "scp:address", "scp:email", "scp:phone", "scp:profile", "scp:roles", "scp:Portal" ]

Our implementation of the seeder: We are sure this one is being used, as changing the display name does work.

OpenIddictDataSeedContributor

//Console Test / Angular Client
var consoleAndAngularClientId = configurationSection["Portal_App:ClientId"];
if (!consoleAndAngularClientId.IsNullOrWhiteSpace())
{
    var consoleAndAngularClientRootUrl = configurationSection["Portal_App:RootUrl"]?.TrimEnd('/');
    await CreateApplicationAsync(
        name: consoleAndAngularClientId,
        type: OpenIddictConstants.ClientTypes.Public,
        consentType: OpenIddictConstants.ConsentTypes.Implicit,
        displayName: "Console Test / Angular Application",
        secret: null,
        grantTypes:
        [
            OpenIddictConstants.GrantTypes.AuthorizationCode,
            OpenIddictConstants.GrantTypes.Password,
            OpenIddictConstants.GrantTypes.ClientCredentials,
            OpenIddictConstants.GrantTypes.RefreshToken,
            "LinkLogin", // somehow this is not being seeded to the database
            "Impersonation" // somehow this is not being seeded to the database
        ],
        scopes: commonScopes,
        redirectUri: consoleAndAngularClientRootUrl,
        clientUri: consoleAndAngularClientRootUrl,
        postLogoutRedirectUri: consoleAndAngularClientRootUrl
    );
}

3 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please check the CreateApplicationAsync

    It should contain these lines: https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs#L350-L353

  • User Avatar
    0
    william@iwell.nl created

    Thank you, adding the lines fixed it.

    var buildInGrantTypes = new[] {
        OpenIddictConstants.GrantTypes.Implicit, OpenIddictConstants.GrantTypes.Password,
        OpenIddictConstants.GrantTypes.AuthorizationCode,          OpenIddictConstants.GrantTypes.ClientCredentials,
        OpenIddictConstants.GrantTypes.DeviceCode, OpenIddictConstants.GrantTypes.RefreshToken
    };
    
    if (!buildInGrantTypes.Contains(grantType))
    {
        application.Permissions.Add(OpenIddictConstants.Permissions.Prefixes.GrantType + grantType);
    }
    
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    : )

Made with ❤️ on ABP v9.1.0-preview. Updated on November 18, 2024, 05:54