OpenID Error on Swagger and Angular, invalid_grant The specified token is invalid #8648 | Support

bqabani created 8 days ago

ABP Framework version: v9.0.2
UI Type: Angular
Database System: EF Core (SQL Server)
Tiered: yes
Auth Server Separated (for Angular): no
Exception message and full stack trace:

The token request was successfully extracted: { "grant_type": "authorization_code", "code": "[redacted]", "client_id": "AppName_Swagger", "redirect_uri": "https://my-domain/swagger/oauth2-redirect.html" }

The response was successfully returned as a JSON document: { "error": "invalid_grant", "error_description": "The specified token is invalid.", "error_uri": "https://documentation.openiddict.com/errors/ID2004" }.

Steps to reproduce the issue:

Create a new Abp app
Deploy it to IIS
Add SSL
Configure urls + run DbMigrator + configure appSettings
Test Login on HostApp : worked
Logout : worked
Open Swagger: try Authorize (Login) : select scope (appname) ,
Then redirected to login page automatically, then input credentials
redirected back to swagger with error: auth errorError: response status is 400, error: invalid_grant, description: The specified token is invalid.
the same scenario for angular : error : infinite redirection between Host and angular , with same error above
but login directly using MVC app : worked

Please note that there is no changes on code has been made

for more info, I added log here: https://drive.google.com/file/d/1KVqn0XN3wjbAsq4oPMxAiH3QrzfVzSOb/view?usp=sharing

5 Answer(s)

liangshiwei created 7 days ago

Support Team Fullstack Developer

Please set log level to Debug and re-share the logs.txt

        Log.Logger = new LoggerConfiguration()
            .MinimumLevel.Debug()
            .MinimumLevel.Override("OpenIddict", LogEventLevel.Verbose)
            .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
            .Enrich.FromLogContext()
            .WriteTo.Async(c => c.File("Logs/logs.txt"))
            .WriteTo.Async(c => c.Console())

Thanks.

1

bqabani created 7 days ago

Done:

Updated Log:

https://drive.google.com/file/d/1Uwib25_aYeCnefpyUzAS2crUDT39vpUT/view?usp=sharing

Waiting for your response
1

liangshiwei created 7 days ago
Support Team Fullstack Developer

Hi,

I didn't see any debug level logs, can you check if it's set up successfully?

1
1

bqabani created 7 days ago

Updated:

https://drive.google.com/file/d/1vQTsEMRmB9gVlrf1OqAYlnfw-K0WyU3u/view?usp=sharing
1

liangshiwei created 7 days ago
Support Team Fullstack Developer

You can try re-generate pfx file.

We use dotnet dev-certs https to generate the pfx file.

dotnet dev-certs https -v -ep openiddict.pfx -p YOURPASSWORD

See: https://abp.io/support/questions/8613/Renewing-the-openiddictpfx-is-not-letting-me-sign-in

Have an answer to this question? Log in and write your answer.