Activities of "andmattia"

I'll try on machine exposed I've an other auth, version v7.4.5, not microservice but angular with api and auth separeted. and it work with flag https set to true

I do a simple test in service with 9.1.3 a call

authserver/.well-known/openid-configuration

If I call from http not exposed port the auth service and do the same in https exposes port.

The result change

call from http http://lnx-ngx-app2:5001/.well-known/openid-configuration

{
  "issuer": "https://uat.auth.myapp9.com/",
  "authorization_endpoint": "http://lnx-ngx-app2:5001/connect/authorize",
  "token_endpoint": "http://lnx-ngx-app2:5001/connect/token",
  "introspection_endpoint": "http://lnx-ngx-app2:5001/connect/introspect",
  "end_session_endpoint": "http://lnx-ngx-app2:5001/connect/endsession",
  "revocation_endpoint": "http://lnx-ngx-app2:5001/connect/revocat",
  "userinfo_endpoint": "http://lnx-ngx-app2:5001/connect/userinfo",
  "device_authorization_endpoint": "http://lnx-ngx-app2:5001/device",
  

https://uat.auth.myapp9.com/.well-known/openid-configuration

{
  "issuer": "https://uat.auth.myapp9.com/",
  "authorization_endpoint": "https://uat.auth.myapp9.com/connect/authorize",
  "token_endpoint": "https://uat.auth.myapp9.com/connect/token",
  "introspection_endpoint": "https://uat.auth.myapp9.com/connect/introspect",
  "end_session_endpoint": "https://uat.auth.myapp9.com/connect/endsession",
  "revocation_endpoint": "https://uat.auth.myapp9.com/connect/revocat",
  "userinfo_endpoint": "https://uat.auth.myapp9.com/connect/userinfo",
  "device_authorization_endpoint": "https://uat.auth.myapp9.com/device",
  "jwks_uri": "https://uat.auth.myapp9.com/.well-known/jwks",
  "gran

in microservice 9 the appsettings is configured

 "AuthServer": {
        "Authority": "https://uat.auth.myapp9.com",
        "RequireHttpsMetadata": true,
        "SwaggerClientId": "SwaggerUI",
        "CertificatePassPhrase": "...."
    },

I sent to you Auth module, appsetings and nginx configuration

I've already this row

if (!hostingEnvironment.IsDevelopment())
        {
            PreConfigure<AbpOpenIddictAspNetCoreOptions>(options =>
            {
                options.AddDevelopmentEncryptionAndSigningCertificate = false;
            });

            PreConfigure<OpenIddictServerBuilder>(builder =>
            {
                builder.AddSigningCertificate(GetSigningCertificate(hostingEnvironment, configuration));
                builder.AddEncryptionCertificate(GetSigningCertificate(hostingEnvironment, configuration));
                builder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
            });
        }

If I use

"AuthServer": {
  "Authority": "https://auth.mysite.it",
  "RequireHttpsMetadata": "false",
  "SwaggerClientId": "WebGateway_Swagger"
}

It works but angular not work and way in 9,1,3 works in https?

in Angular I've this issue

main.e261e1928bc16e78.js:1 error validating authorization_endpoint in discovery document (2) ['https for all urls required. Also for urls received by discovery.', 'Every url in discovery document has to start with …o see property strictDiscoveryDocumentValidation.']

With false flag

{
  "issuer": "https://auth.mysite.it/",
  "authorization_endpoint": "http://auth.mysite.it/connect/authorize",
  "token_endpoint": "http://auth.mysite.it/connect/token",
  "introspection_endpoint": "http://auth.mysite.it/connect/introspect",
  "end_session_endpoint": "http://auth.mysite.it/connect/logout",
  "revocation_endpoint": "http://auth.mysite.it/connect/revocat",
  "userinfo_endpoint": "http://auth.mysite.it/connect/userinfo",
  "device_authorization_endpoint": "http://auth.mysite.it/device",
  "jwks_uri": "http://auth.mysite.it/.well-known/jwks",
  ...

Ok.

I understand that version must be the same but about auth server I need to create a separate server? Are there other operation to do do?

And about auth server I need to have one ore more auth server?

Sovled!

https://abp.io/docs/9.1/framework/architecture/multi-tenancy#multi-tenancy-middleware

In IdentityService

        ...
        app.UseCors();
        app.UseRouting();
        app.UseMultiTenancy();
        app.UseHttpMetrics();
        app.UseAuthentication();
        app.UseAuthorization();

In SaasService

        app.UseAbpStudioLink();
        app.UseCors();
        app.UseRouting();
        app.UseMultiTenancy();
        app.UseHttpMetrics();
        app.UseAuthentication();
        app.UseAuthorization();

I move the app.UseMultiTenancy(); after app.UseAuthentication(); and now works has expected

This service template came from studio on startup init

Yes I've UseMultiTenancy in all services

The new log is

2025-07-08 10:40:12.684 +02:00 [ERR] HttpContext.User Claims:
2025-07-08 10:40:12.684 +02:00 [ERR] [{"Type":"iss","Value":"https://uat.auth.routilia.com/"},{"Type":"exp","Value":"1751967606"},{"Type":"iat","Value":"1751964006"},{"Type":"aud","Value":"AuthServer"},{"Type":"aud","Value":"IdentityService"},{"Type":"aud","Value":"AdministrationService"},{"Type":"aud","Value":"SaasService"},{"Type":"aud","Value":"AuditLoggingService"},{"Type":"aud","Value":"GdprService"},{"Type":"aud","Value":"LanguageService"},{"Type":"aud","Value":"OfficeService"},{"Type":"scope","Value":"offline_access address roles openid profile email phone AuthServer IdentityService AdministrationService AuditLoggingService GdprService SaasService LanguageService OfficeService"},{"Type":"jti","Value":"f7d72397-2fbe-4f40-9856-a7ba9e33d0c0"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","Value":"3a1a949e-a476-dba3-2b07-d7c455a854e7"},{"Type":"preferred_username","Value":"admin"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","Value":"cliente1@rtl.local"},{"Type":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role","Value":"admin"},{"Type":"tenantid","Value":"3a1a949e-a031-030d-c51f-352140da4b89"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","Value":"admin"},{"Type":"phone_number_verified","Value":"False"},{"Type":"email_verified","Value":"False"},{"Type":"editionid","Value":"3a1a94a1-c765-9dee-a1e2-3fcb20b38d0a"},{"Type":"session_id","Value":"2026c484-b70a-4331-b822-4b672b3de7b2"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","Value":"admin"},{"Type":"oi_prst","Value":"Angular"},{"Type":"oi_au_id","Value":"3a1afb5e-10bf-8906-0b3e-1e1a7c1b85cc"},{"Type":"client_id","Value":"Angular"},{"Type":"oi_tkn_id","Value":"3a1afb5e-10d8-cd72-8a95-5d52e8306d75"}]
2025-07-08 10:40:12.684 +02:00 [ERR] Current User Claims:
2025-07-08 10:40:12.684 +02:00 [ERR] [{"Type":"iss","Value":"https://uat.auth.routilia.com/"},{"Type":"exp","Value":"1751967606"},{"Type":"iat","Value":"1751964006"},{"Type":"aud","Value":"AuthServer"},{"Type":"aud","Value":"IdentityService"},{"Type":"aud","Value":"AdministrationService"},{"Type":"aud","Value":"SaasService"},{"Type":"aud","Value":"AuditLoggingService"},{"Type":"aud","Value":"GdprService"},{"Type":"aud","Value":"LanguageService"},{"Type":"aud","Value":"OfficeService"},{"Type":"scope","Value":"offline_access address roles openid profile email phone AuthServer IdentityService AdministrationService AuditLoggingService GdprService SaasService LanguageService OfficeService"},{"Type":"jti","Value":"f7d72397-2fbe-4f40-9856-a7ba9e33d0c0"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier","Value":"3a1a949e-a476-dba3-2b07-d7c455a854e7"},{"Type":"preferred_username","Value":"admin"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress","Value":"cliente1@rtl.local"},{"Type":"http://schemas.microsoft.com/ws/2008/06/identity/claims/role","Value":"admin"},{"Type":"tenantid","Value":"3a1a949e-a031-030d-c51f-352140da4b89"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname","Value":"admin"},{"Type":"phone_number_verified","Value":"False"},{"Type":"email_verified","Value":"False"},{"Type":"editionid","Value":"3a1a94a1-c765-9dee-a1e2-3fcb20b38d0a"},{"Type":"session_id","Value":"2026c484-b70a-4331-b822-4b672b3de7b2"},{"Type":"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name","Value":"admin"},{"Type":"oi_prst","Value":"Angular"},{"Type":"oi_au_id","Value":"3a1afb5e-10bf-8906-0b3e-1e1a7c1b85cc"},{"Type":"client_id","Value":"Angular"},{"Type":"oi_tkn_id","Value":"3a1afb5e-10d8-cd72-8a95-5d52e8306d75"}]
2025-07-08 10:40:12.684 +02:00 [ERR] Current TenantId:,name: 
2025-07-08 10:40:12.684 +02:00 [ERR] UserId Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier
2025-07-08 10:40:12.684 +02:00 [ERR] UserName Claim Type: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
2025-07-08 10:40:12.684 +02:00 [ERR] Role Claim Type: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
2025-07-08 10:40:12.684 +02:00 [ERR] Authorization Header: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjI5MzBDQUQ1REEyNTQ2N0U2NkZFQTgxOEVBNDU0NzhBNDBEMTM5RTciLCJ4NXQiOiJLVERLMWRvbFJuNW1fcWdZNmtWSGlrRFJPZWMiLCJ0eXAiOiJhdCtqd3QifQ.eyJpc3MiOiJodHRwczovL3VhdC5hdXRoLnJvdXRpbGlhLmNvbS8iLCJleHAiOjE3NTE5Njc2MDYsImlhdCI6MTc1MTk2NDAwNiwiYXVkIjpbIkF1dGhTZXJ2ZXIiLCJJZGVudGl0eVNlcnZpY2UiLCJBZG1pbmlzdHJhdGlvblNlcnZpY2UiLCJTYWFzU2VydmljZSIsIkF1ZGl0TG9nZ2luZ1NlcnZpY2UiLCJHZHByU2VydmljZSIsIkxhbmd1YWdlU2VydmljZSIsIk9mZmljZVNlcnZpY2UiXSwic2NvcGUiOiJvZmZsaW5lX2FjY2VzcyBhZGRyZXNzIHJvbGVzIG9wZW5pZCBwcm9maWxlIGVtYWlsIHBob25lIEF1dGhTZXJ2ZXIgSWRlbnRpdHlTZXJ2aWNlIEFkbWluaXN0cmF0aW9uU2VydmljZSBBdWRpdExvZ2dpbmdTZXJ2aWNlIEdkcHJTZXJ2aWNlIFNhYXNTZXJ2aWNlIExhbmd1YWdlU2VydmljZSBPZmZpY2VTZXJ2aWNlIiwianRpIjoiZjdkNzIzOTctMmZiZS00ZjQwLTk4NTYtYTdiYTllMzNkMGMwIiwic3ViIjoiM2ExYTk0OWUtYTQ3Ni1kYmEzLTJiMDctZDdjNDU1YTg1NGU3IiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJlbWFpbCI6ImNsaWVudGUxQHJ0bC5sb2NhbCIsInJvbGUiOiJhZG1pbiIsInRlbmFudGlkIjoiM2ExYTk0OWUtYTAzMS0wMzBkLWM1MWYtMzUyMTQwZGE0Yjg5IiwiZ2l2ZW5fbmFtZSI6ImFkbWluIiwicGhvbmVfbnVtYmVyX3ZlcmlmaWVkIjoiRmFsc2UiLCJlbWFpbF92ZXJpZmllZCI6IkZhbHNlIiwiZWRpdGlvbmlkIjoiM2ExYTk0YTEtYzc2NS05ZGVlLWExZTItM2ZjYjIwYjM4ZDBhIiwic2Vzc2lvbl9pZCI6IjIwMjZjNDg0LWI3MGEtNDMzMS1iODIyLTRiNjcyYjNkZTdiMiIsInVuaXF1ZV9uYW1lIjoiYWRtaW4iLCJvaV9wcnN0IjoiQW5ndWxhciIsIm9pX2F1X2lkIjoiM2ExYWZiNWUtMTBiZi04OTA2LTBiM2UtMWUxYTdjMWI4NWNjIiwiY2xpZW50X2lkIjoiQW5ndWxhciIsIm9pX3Rrbl9pZCI6IjNhMWFmYjVlLTEwZDgtY2Q3Mi04YTk1LTVkNTJlODMwNmQ3NSJ9.joXzDGIJuhzhqbzUp8RqyZpZI2ujrxuw5jtFIKwtDhqw1OMExh99ivoySZbyvlm46PayP-PJUIfCJAnw45E2g7ybBl3As_udX7ChnisxTjk7pU3q4UxjntC88kE_RhXlnaPUzGLvw4apWu208LDUQuIxtjL2S2-5Z7j94Q7aunk2YU47JdDAv6DfFWEC1-3HcwNK2iL5SJv3qe-KcT_MKDOOmNT0J4_SxdNE7Hs1iKXtkCyUFJIU1nNoyX-cUin15DXozQNgYQIcuvuEbBeG9O3PbS13JALf_3O9QPSuof2O46UWC5KTYnNPpNi_EAF_KaetHjT90TycFcsg3AYImQ
2025-07-08 10:40:12.687 +02:00 [INF] Executing endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
2025-07-08 10:40:12.687 +02:00 [INF] Route matched with {area = "identity", controller = "User", action = "GetList"}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.Application.Dtos.PagedResultDto`1[Volo.Abp.Identity.IdentityUserDto]] GetListAsync(Volo.Abp.Identity.GetIdentityUsersInput) on controller Volo.Abp.Identity.IdentityUserController (Volo.Abp.Identity.Pro.HttpApi).
2025-07-08 10:40:12.697 +02:00 [INF] Executing ObjectResult, writing value of type 'Volo.Abp.Application.Dtos.PagedResultDto`1[[Volo.Abp.Identity.IdentityUserDto, Volo.Abp.Identity.Pro.Application.Contracts, Version=9.1.1.0, Culture=neutral, PublicKeyToken=null]]'.
2025-07-08 10:40:12.697 +02:00 [INF] Executed action Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi) in 9.8272ms
2025-07-08 10:40:12.697 +02:00 [INF] Executed endpoint 'Volo.Abp.Identity.IdentityUserController.GetListAsync (Volo.Abp.Identity.Pro.HttpApi)'
2025-07-08 10:40:12.698 +02:00 [INF] Request finished HTTP/1.1 GET http://localhost/api/identity/users?skipCount=0&maxResultCount=10 - 200 null application/json; charset=utf-8 14.6775ms