We have two microservices; Microservice A and Microservice B, in Microservice A, we want to call some application service at Microservice B via sending HTTP request to InternalGateway.
You can not make direct request to InternalGateway to reach Microservice X, you make request to Microservice X through InternalGateway. Gateway works as a service locator to redirect your requests to related microservice and it does it automatically.
1- Is there any way to get token from Microservice A (from comming request or anywhere else) for use at http request to InternalGateway?Or, what is the best practice for this purpose?
You don't get any token from microservice. Token provider is AuthServer and most of the flow is automatically done by identityServer. Add the MicroserviceB.Application.Contracts project reference to MicroserviceA.Application.Contracts so that MicroserviceA application services become available in MicroserviceB.
2- Another question; If we gain Token with the way described in this link, How we can store this Token related to user session(User can log in into multi device then we can't store in Dictionary or something like that)
You can not store any token in any user session because there is no session. Server to server communication doesn't involve any user.
You don't need to make http request to AuthServer manually to get access token. Add Volo.Abp.Http.Client.IdentityModel.Web nuget package to your MicroserviceA.HttpApi.Host project. This package will automatically make request to get access token and add it to request header as bearer token. Make appsettings configurations for this package in like: <br>
"IdentityClients": {
"Default": {
"GrantType": "client_credentials", // Don't change this
"ClientId": "MicroserviceA", // Caller
"ClientSecret": "1q2w3e*", // Secret you used when creating this client in IdentityServerDataSeeder
"Authority": "https://myidentityserver.com", // AuthServer domain:port
"Scope": "MicroserviceB" // The resource you want to make request to
}
},
To make all of this work, you need to add MicroserviceA (makes the http request) as a client and MicroserviceB (the one you make the request to) as Api-Resource and Api-Scope. These configurations are done in IdentityServerDataSeeder file.
AdministrationService is also a client that makes request to IdentityService. You can check more about it in docs and in your template project. Here is how AdministrationService is configured as a client in IdentityServerDataSeeder just as example: <br>
//Administration Service Client
await CreateClientAsync(
name: "AdministrationService", // Your client Id.
scopes: commonScopes.Union(new[]
{
"IdentityService" //Allowed API scope
}),
grantTypes: new[] {"client_credentials"},
secret: "1q2w3e*".Sha256(), // The secret you use when making client_credential request
permissions: new[] {IdentityPermissions.Users.Default} // The permission you have over the method or appservice that you want to allow
);
<br> Most of these subjects are related with IdentityServer and I suggest reading identity-server docs so that you can learn more about server-to-server (client_credential) communication and what abp helps about it.
Share your application service please
You can use Object Extensions to extend IdentityUser . You can also persist it via mapping to database column.
Try dotnet build /graphBuild in your main microservice solution directory. That should build all related projects. Preferably after deleting bin&obj folders (there should be a delete-bin-obj-folders.bat file under main solution directory as shortcut).
AdministrationService is having problems with finding OrderServiceApplicationContractsModule.
Try building OrderService.
Note: The Microsoft.EntityFrameworkCore.Tools package was recently upgraded to 5.0.8 which seemed to cause version conflicts with 5.0.7 during the build. I worked around the issue by downgrading to 5.0.7 and editing any .csproj files that contained version 5.0.* and replaced them with 5.0.7 explicitly.
This is about local nuget cache missmatch with Microsoft.EntityFrameworkCore. You can also try removing <PrivateAssets>all</PrivateAssets> line.
Solutions to this problem will be a local solution.
We will discuss about using specific version of Microsoft.EntityFrameworkCore.
User permissions are requested by AdministrationService (permission management) from IdentityService (IdentityUserAppService) behind the scenes.
So, when you try to get the list of permissions of a user (Identity Management-> User Management -> Permission action), this internal communication happens.
Does the internal gateway play a role at all in the microservice template? Thanks!
Yes, big time. It is the gateway and locator for other microservices when you try sync-communications (http) between microservices.
Default template uses it for communication betweeen AdministrationService and IdentityService for user permissions as i have mentioned above.
I will fix missing points in documentation about this, thank you.
For external applications we created the API client credentials and we are able to do API calls.
Since you are making external calls, there is no default handling for it. Base way is to add tenantId to requests headers manually as you have mentioned.
They are project references so you will need to build them first. Or do a graphBuild on your main solution with dotnet build /graphBuild.
Share the js code where you create the datatable please.