Activities of "gterdem"

You shouldn't be generating access_token manually in the login process. All of the flows are created because of security reasons.

In tiered application, your web application is not the Secure Token Server (STS) to grant you the access token. IdentityServer is the STS and you need to get and validate your tokens to IdentityServer.

That being said, you can make a request to IdentityServer /connect/token endpoint with supported grant types to get access_token.

Thank you for your report.

I have created an internal issue about this. We will investigate.

Overriding seems okay though.

Can you share the log again after adding Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true; and make a new request?

It should have detailed information about this log:

[08:30:02 INF] Request starting HTTP/1.1 GET http://mos-st-administration/api/language-management/languages/all - -
[08:30:02 ERR] Exception occurred while processing message.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: 'System.String'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: 'System.String'.

It is not login page, it is identityserver manage profile page right?

To be sure, can you share screenshot about the page and the link you are having problem with?

There may be a problem with overriding the configuration in your kubernetes values files.

Do you deploy as a single helm chart and be sure that the Values.yaml has the correct configuration? If you are deploying applications individually, you need to update related helm chart Values.yaml.

Can you also add the related code to show detailed OpenId error and rebuild/redeploy your application? There might be a clue.

It is not related with the token.

Add the code below to AdministrationServiceModule ConfigureServices method to see detailed information about the OpenId error:

Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;

It can be a problem with swagger authorization. When you are making a request from the browser to login, you are redirected to http://mos-st-authserver (AuthServer:Authority) however it is served under https on the browser.

Maybe you can try sending a header from WebGateway Ingress and write a midware at AuthServer to redirect to https if the request is coming from the browser:

app.Use(async (ctx, next) =>
{
    if (ctx.Request.Headers.ContainsKey("from-ingress"))
    {
        ctx.Request.Scheme = "https";
        return next();
    }

    return next();
});

This way, when you are making a login request from swagger, you should be redirected to https://mos-st-authserver and the token validation Issuer will still navigate to http://mos-st-authserver inside the internal kubernetes network.

Letsencrypt won't work since you are not using real domains. Is your authserver (already accountservice) running on https?

Do you get Not secure/trusted error? Internal request to issuer endpoint can fail because of returning a not secure page.

Do you have appsettings.json and appsettings.secrets.json files under SaasService/TestBase folder?

Is this docker for desktop local kubernetes cluster you are trying to run? This seems to be related to swagger authentication. I will try to reproduce the problem. Do you have any custom configurations on ingress.yaml files?

It's very helpful to deploy an abp.io microservice template to a Helm hub for reference... Please consider that.

Thank you for the suggestion. I will create an internal issue for this.

I failed to reproduce this error using microservice template version 5.2.1:

Hello we are using the latest version of abp but we are still getting the below error

What is your template version?