Open Closed

Problem setting up the angular section of the api #10011

User avatar
0
agustinplaza created

Hello,

We've been trying to install an instance of this solution, based on the MTGCorp.HttpApi.Host solution, version . We're trying to use a fritn that connects to it using the following versions:

"versions": { "LeptonX": "4.1.0", "AbpFramework": "9.1.0", "AbpCommercial": "9.1.0", "AbpStudio": "0.9.25", "TargetDotnetFramework": "net9.0" },

We've managed to run this in a docker inside an app service. The app service has the requirement that all internal traffic should be http.

Our appsettings is as follows: { "App": { "SelfUrl": "https://dev-configurator-api.mtgcorp.com", "AngularUrl": "http://localhost:4200", "CorsOrigins": "https://.MTGCorp.com,http://localhost:4200", "RedirectAllowedUrls": "http://localhost:4200", "DisablePII": false, "HealthCheckUrl": "/health-status" }, "ConnectionStrings": { "Default": "", "ToothProduct": "" }, "AuthServer": { "Authority": "https://dev-configurator-api.mtgcorp.com", "RequireHttpsMetadata": false, "SwaggerClientId": "MTGCorp_Swagger", "CertificatePassPhrase": "" }, "Kestrel": { "Endpoints": { "Http": { "Url": "http://:80" } } }, "StringEncryption": { "DefaultPassPhrase": "" }, "mtg": { "BaseUrl": "https://mtgcorp.com/", "UserName": "admin", "Pass": "mtg.2022._" }, "Localization": { "DefaultPassword": "***" }, "RemoteServices": { "Default": { "BaseUrl": "https://localhost:53929/" }, "BookStore": { "BaseUrl": "https://localhost:48392/" } } }

When we try to access through a redirect from the front, we get the error message "error validating authorization_endpoint in discovery document Array [ "https for all urls required. Also for urls received by discovery." ]": error validating authorization_endpoint in discovery document Array [ "https for all urls required. Also for urls received by discovery." ] angular-oauth2-oidc.mjs:1349:19 Angular 2 validateDiscoveryDocument loadDiscoveryDocument RxJS 15 next _next next map _next next filter _next next doInnerSub _next next innerSubscriber _next next Angular 21 onLoad invokeTask onInvokeTask invokeTask onInvokeTask invokeTask runTask invokeTask invokeTask globalCallback globalZoneAwareCallback (Asíncrono: EventListener.handleEvent) customScheduleGlobal scheduleTask onScheduleTask scheduleTask onScheduleTask scheduleTask scheduleTask scheduleEventTask makeAddListener handle RxJS 57 _trySubscribe subscribe errorContext subscribe switchMap _next next fromArrayLike _trySubscribe subscribe errorContext subscribe switchMap operate subscribe errorContext subscribe finalize operate subscribe errorContext subscribe finalize operate subscribe errorContext subscribe finalize operate subscribe errorContext subscribe doInnerSub outerNext _next next fromArrayLike _trySubscribe subscribe errorContext subscribe mergeInternals mergeMap operate subscribe errorContext subscribe filter operate subscribe errorContext subscribe map operate subscribe errorContext subscribe Angular 3 loadDiscoveryDocument ZoneAwarePromise loadDiscoveryDocument init abp-ng.oauth.mjs:296 __async main.js:60 ZoneAwarePromise Angular __async main.js:44 init abp-ng.oauth.mjs:288 init abp-ng.oauth.mjs:348 __async main.js:60 ZoneAwarePromise Angular __async main.js:44 init abp-ng.oauth.mjs:345 init/</result$< abp-ng.oauth.mjs:504 RxJS 60 ZoneAwarePromise Angular lastValueFrom RxJS init abp-ng.oauth.mjs:505 __async main.js:60 ZoneAwarePromise Angular __async main.js:44 init abp-ng.oauth.mjs:500 getInitialData abp-ng.core.mjs:1209 fulfilled main.js:47 Angular 15 invoke onInvoke invoke run scheduleResolveOrReject invokeTask onInvokeTask invokeTask onInvokeTask invokeTask runTask drainMicroTaskQueue (Asíncrono: promise callback) nativeScheduleMicroTask scheduleMicroTask scheduleTask

We'd liek to resolve this issue. Should we modify the appsettings in some way? What should we put as values of App.AngularUrl, App.CorsOrigins, App.RedirectAllowedUrls, RemoteServices.Default.BaseUrl and RemoteServices.BookStore.BaseUrl? IS the solution something else?

Go to accepted answer
4 Answer(s)
  • User Avatar
    0
    AI-Bot created
    Support Team ABP Agent

    To resolve the "error validating authorization_endpoint in discovery document" and ensure your ABP Angular application works with your backend in an environment where all internal traffic is HTTP but public endpoints are HTTPS, you must ensure that all URLs in your OpenID Connect discovery document (/.well-known/openid-configuration) use HTTPS. The Angular OAuth2/OIDC client requires all endpoints (issuer, authorization_endpoint, token_endpoint, etc.) to be HTTPS when requireHttps is true (which is the default in production).

    Solution Steps

    1. Kestrel/Reverse Proxy Configuration
      • Even if your app service uses HTTP internally, you must ensure that the URLs generated in the discovery document are HTTPS. This is typically handled by forwarding headers from your reverse proxy (like Azure App Service or Nginx).
      • In your Program.cs or Startup.cs, add the following to enable forwarded headers:
    app.UseForwardedHeaders(new ForwardedHeadersOptions
     {
         ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedFor
     });
    • Ensure your reverse proxy (Azure App Service) is configured to forward the X-Forwarded-Proto header.
    1. AppSettings Configuration
      • Set App.SelfUrl to your public HTTPS URL:
    "SelfUrl": "https://dev-configurator-api.mtgcorp.com"
    • Set App.AngularUrl to your deployed Angular app's public URL (not localhost for production):
    "AngularUrl": "https://dev-configurator.mtgcorp.com"
    • Set App.CorsOrigins to include your Angular app's public URL:
    "CorsOrigins": "https://*.mtgcorp.com"
    • Set App.RedirectAllowedUrls to your Angular app's public URL:
    "RedirectAllowedUrls": "https://dev-configurator.mtgcorp.com"
    • For local development, you can add http://localhost:4200 to these lists, but for production, only use HTTPS URLs.
    1. RemoteServices Configuration
      • Set RemoteServices.Default.BaseUrl to your backend's public HTTPS URL:
    "RemoteServices": {
       "Default": {
         "BaseUrl": "https://dev-configurator-api.mtgcorp.com/"
       }
     }
    • Do the same for any other remote services.
    1. AuthServer Configuration
      • Set AuthServer.Authority to your public HTTPS URL:
    "Authority": "https://dev-configurator-api.mtgcorp.com"
    • Set RequireHttpsMetadata to true for production.

    1. Regenerate Discovery Document

      • After making these changes, restart your backend. The discovery document at https://dev-configurator-api.mtgcorp.com/.well-known/openid-configuration should now show all endpoints as HTTPS.

    2. Angular Environment

      • In your Angular environment.prod.ts, set the OAuth config to use the HTTPS backend URL for issuer and endpoints.

    Summary Table

    | Setting | Value (Production) | |---------------------------------|----------------------------------------------------| | App.SelfUrl | https://dev-configurator-api.mtgcorp.com | | App.AngularUrl | https://dev-configurator.mtgcorp.com | | App.CorsOrigins | https://*.mtgcorp.com | | App.RedirectAllowedUrls | https://dev-configurator.mtgcorp.com | | RemoteServices.Default.BaseUrl | https://dev-configurator-api.mtgcorp.com/ | | AuthServer.Authority | https://dev-configurator-api.mtgcorp.com | | AuthServer.RequireHttpsMetadata| true |

    Note: If you need to support local development, add http://localhost:4200 to CORS and RedirectAllowedUrls, but never use HTTP in production.

    References

    This configuration will ensure your discovery document is valid and all endpoints are HTTPS, resolving the Angular OAuth2/OIDC validation error.

    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • User Avatar
    0
    agustinplaza created

    After applying these changes we get the following error: Object { headers: {…}, status: 400, statusText: "Bad Request", url: "https://dev-configurator-api.mtgcorp.com/.well-known/openid-configuration", ok: false, type: undefined, redirected: undefined, name: "HttpErrorResponse", message: "Http failure response for https://dev-configurator-api.mtgcorp.com/.well-known/openid-configuration: 400 Bad Request", error: {…} }

  • User Avatar
    0
    agustinplaza created

    Also, we didn't manage to add app.UseForwardedHeaders(new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedFor });, if we add this to Programs it fails compilation.

    Also, trying to access https://dev-configurator-api.mtgcorp.com/.well-known/openid-configuration gives us this:

    error "invalid_request" error_description "This server only accepts HTTPS requests."

    If I fix that using RequireHttpsMetadata=false, we're back to square one with the original error

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you try to set Request.Scheme to https in your API website?

    
public override void OnApplicationInitialization(ApplicationInitializationContext context)
{
    var env = context.GetEnvironment();
    var app = context.GetApplicationBuilder();

    app.Use(async (ctx, next) =>
    {
        ctx.Request.Scheme = "https";
        await next();
    });     
    
    //...

    Thanks.

Assignee
User avatar maliming
Question details
Labels
None yet
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.1.0-preview. Updated on October 17, 2025, 13:15