- ABP Framework version: v4.2.2
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes /
- Exception message and stack trace: NA
- Steps to reproduce the issue: NA
Hi Team, I have made changes in the Identity Server and Host service to consider the Azure AD authorization provider. I need 2 answers:
- Now the host and every tenant both get the "Azure AD" authorization button, but we would like to have the Azure AD auth button based on host/tenant configuration and consider the respective configuration values only.
- By default ABP doesn't provide UI for external providers except Google, Microsoft and Twitter. How can I add UI for these providers, i.e. extend the current UI?
18 Answer(s)
-
0
Hello team. Any update for me? I have tried to look from my side.
```csharp
.AddTwitter(TwitterDefaults.AuthenticationScheme, options => options.RetrieveUserDetails = true)
.WithDynamicOptions<TwitterOptions, TwitterHandler>(
    TwitterDefaults.AuthenticationScheme,
    options =>
    {
        options.WithProperty(x => x.ConsumerKey);
        options.WithProperty(x => x.ConsumerSecret, isSecret: true);
    }
)
.AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
{
    options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
    options.ClientId = configuration["AzureAd:ClientId"];
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    options.CallbackPath = configuration["AzureAd:CallbackPath"];
    options.ClientSecret = configuration["AzureAd:ClientSecret"];
    // Allows a non-HTTPS authority/metadata address; intended for development only.
    options.RequireHttpsMetadata = false;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("email");
    options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
});
```
As per my understanding, ".WithDynamicOptions<TwitterOptions, TwitterHandler>(" does a lot of magic. Now the question is: like "TwitterOptions, TwitterHandler", what will be the options and handler for AzureAd and O365?
-
0
-
0
Hello Maliming, I have made the following changes:
- IdentityServerModule --> ConfigureServices() method, made the following changes:

```csharp
.AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
{
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    // Allows a non-HTTPS authority/metadata address; intended for development only.
    options.RequireHttpsMetadata = false;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("email");
    options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
    options.CallbackPath = configuration["AzureAd:CallbackPath"];
    //options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
    //options.ClientId = configuration["AzureAd:ClientId"];
    //options.ClientSecret = configuration["AzureAd:ClientSecret"];
})
.WithDynamicOptions<OpenIdConnectOptions, OpenIdConnectHandler>(
    "AzureOpenId",
    options =>
    {
        options.WithProperty(x => x.Authority);
        options.WithProperty(x => x.ClientId);
        options.WithProperty(x => x.ClientSecret, isSecret: true);
    }
)
```

- Values in ABPSetting look like:

```json
[{"name":"Google","enabled":true,"properties":[{"name":"ClientId","value":"XXXX"}],"secretProperties":[{"name":"ClientSecret","value":"XXXX"}]},{"name":"Microsoft","enabled":true,"properties":[{"name":"ClientId","value":"XXXX"}],"secretProperties":[{"name":"ClientSecret","value":"XXXX"}]},{"name":"Twitter","enabled":false,"properties":[{"name":"ConsumerKey","value":null}],"secretProperties":[{"name":"ConsumerSecret","value":null}]},{"name":"AzureOpenId","enabled":true,"properties":[{"name":"ClientId","value":"YYYY"},{"name":"Authority","value":"YYYY"}],"secretProperties":[{"name":"ClientSecret","value":"YYYY"}]}]
```

- I could see the Azure AD button
- On button click it is breaking:
-
0
-
0
:). No, the values are not correct, but in code I have used the right code.
-
0
hi
Can you share a sample project that includes the AddOpenIdConnect client secret with me? liming.ma@volosoft.com
-
0
Sure, will do. I don't have a sample project but will share the actual keys.
-
0
ok, I will check it asap.
-
0
hi
```csharp
// In ConfigureServices: register the scheme and expose its settings as dynamic options.
.AddOpenIdConnect("AzureOpenId", "Azure AD", options =>
{
    options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    // Allows a non-HTTPS authority/metadata address; intended for development only.
    options.RequireHttpsMetadata = false;
    options.SaveTokens = true;
    options.GetClaimsFromUserInfoEndpoint = true;
    options.Scope.Add("email");
    options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
    options.CallbackPath = "/callback";
})
.WithDynamicOptions<OpenIdConnectOptions, OpenIdConnectHandler>(
    "AzureOpenId",
    options =>
    {
        options.WithProperty(x => x.Authority);
        options.WithProperty(x => x.ClientId);
        options.WithProperty(x => x.ClientSecret, isSecret: true);
    }
);

// Replace the default options manager with the OpenID Connect specific one below.
context.Services.Replace(ServiceDescriptor
    .Scoped<AccountExternalProviderOptionsManager<OpenIdConnectOptions>, OpenIdAccountExternalProviderOptionsManager>());
```

```csharp
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Options;
using Volo.Abp.Account.ExternalProviders;
using Volo.Abp.Account.Public.Web.ExternalProviders;
using Volo.Abp.MultiTenancy;
using Volo.Abp.Security.Encryption;

namespace MyCompanyName.MyProjectName.Web.OpenId;

public class OpenIdAccountExternalProviderOptionsManager : AccountExternalProviderOptionsManager<OpenIdConnectOptions>
{
    private readonly OpenIdConnectPostConfigureOptions _openIdConnectPostConfigureOptions;

    public OpenIdAccountExternalProviderOptionsManager(
        IOptionsFactory<OpenIdConnectOptions> factory,
        IAccountExternalProviderAppService accountExternalProviderAppService,
        IStringEncryptionService stringEncryptionService,
        ITenantConfigurationProvider tenantConfigurationProvider,
        IDataProtectionProvider dataProtection)
        : base(factory, accountExternalProviderAppService, stringEncryptionService, tenantConfigurationProvider)
    {
        _openIdConnectPostConfigureOptions = new OpenIdConnectPostConfigureOptions(dataProtection);
    }

    protected async override Task OverrideOptionsAsync(string name, OpenIdConnectOptions options)
    {
        // Apply the dynamic (host/tenant) values first, then re-run the
        // OpenID Connect post-configuration on the overridden options.
        await base.OverrideOptionsAsync(name, options);
        _openIdConnectPostConfigureOptions.PostConfigure(name, options);
    }
}
```
-
0
Thanks Maliming. Appreciated. Working as expected. Will do full testing.
Please help me on the points below also:
- By default ABP doesn't provide UI for external providers except Google, Microsoft and Twitter. How can I add UI for these providers, i.e. extend the current UI?
- How to configure the O365 external provider.
-
0
Using WithDynamicOptions will automatically add the UI. Settings => Account => External provider

> How to configure O365 external provider.

You can search it in Google. I don't know O365.
-
0
Thanks. Got it. Appreciate all the help.
-
0
: )
-
0
I will fix this problem in the next version.
-
0
Thanks Maliming.
Now I am facing another issue:
- I have logged in as a tenant
- I could see all external providers are enabled with the default host setting
- I unchecked all of them and hit save (without adding any data). A success message was displayed and the ABPSetting table has a new record with the following data:

```json
[{"name":"AzureOpenId","enabled":true,"properties":[{"name":"Authority","value":null},{"name":"ClientId","value":null}],"secretProperties":[{"name":"ClientSecret","value":null}]},{"name":"Google","enabled":true,"properties":[{"name":"ClientId","value":""}],"secretProperties":[{"name":"ClientSecret","value":""}]},{"name":"Microsoft","enabled":true,"properties":[{"name":"ClientId","value":""}],"secretProperties":[{"name":"ClientSecret","value":""}]}]
```

- I refreshed the page and rechecked the data. Again all external providers are checked
- Now I have made changes in the ABPSetting value like (manually set "enabled" as false):

```json
[{"name":"AzureOpenId","enabled":false,"properties":[{"name":"Authority","value":null},{"name":"ClientId","value":null}],"secretProperties":[{"name":"ClientSecret","value":null}]},{"name":"Google","enabled":false,"properties":[{"name":"ClientId","value":""}],"secretProperties":[{"name":"ClientSecret","value":""}]},{"name":"Microsoft","enabled":false,"properties":[{"name":"ClientId","value":""}],"secretProperties":[{"name":"ClientSecret","value":""}]}]
```

- Still the user can see all provider options
-
0
2 bugs:
- External provider setting update is not working as expected
- External provider display is not working as expected
-
0
hi
I will check this. Thanks
-
0
> Now i have make changes in ABPSetting value like (manually set "enabled" as false)

The application uses a cache. You can't change settings manually. Please change it via the app, or clear the cache after changing the DB.
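
An added example, not part of the thread or of ABP's own code: a small Python check over an external-provider setting value in the JSON shape quoted in the posts above, reporting providers that are marked enabled while their properties or secret properties are null or empty (the state shown in the tenant report). The sample value, function names and status strings are constructed for illustration.

```python
import json

# Constructed sample in the same shape as the setting values quoted in the thread.
SAMPLE_SETTING = """[
 {"name":"AzureOpenId","enabled":true,
  "properties":[{"name":"Authority","value":null},{"name":"ClientId","value":null}],
  "secretProperties":[{"name":"ClientSecret","value":null}]},
 {"name":"Google","enabled":true,
  "properties":[{"name":"ClientId","value":""}],
  "secretProperties":[{"name":"ClientSecret","value":""}]},
 {"name":"Microsoft","enabled":false,
  "properties":[{"name":"ClientId","value":""}],
  "secretProperties":[{"name":"ClientSecret","value":""}]},
 {"name":"Twitter","enabled":true,
  "properties":[{"name":"ConsumerKey","value":"constructed-key"}],
  "secretProperties":[{"name":"ConsumerSecret","value":"constructed-secret"}]}
]"""


def missing_fields(provider):
    """Names of properties/secretProperties whose value is null or blank."""
    missing = []
    for group in ("properties", "secretProperties"):
        for prop in provider.get(group) or []:
            value = prop.get("value")
            if value is None or not str(value).strip():
                missing.append(prop.get("name", "?"))
    return missing


def audit_external_providers(setting_json):
    """Map each provider name to 'disabled', 'ok' or 'enabled-but-unconfigured: ...'."""
    report = {}
    for provider in json.loads(setting_json):
        name = provider.get("name", "<unnamed>")
        if not provider.get("enabled", False):
            report[name] = "disabled"
            continue
        missing = missing_fields(provider)
        report[name] = ("enabled-but-unconfigured: " + ", ".join(missing)) if missing else "ok"
    return report


if __name__ == "__main__":
    for name, status in audit_external_providers(SAMPLE_SETTING).items():
        print(f"{name:12} {status}")
```

Because the application caches settings, as the last reply notes, a value read from the database may differ from what the running application uses until the cache is cleared.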