
Social Logins with SaveTokens = true not saving tokens? #2604


chris.tune@gmail.com created


If you're creating a bug/problem report, please include the following:

  • ABP Framework version: v5.1.3
  • UI type: MVC
  • DB provider: EF Core / MongoDB
  • Tiered (MVC) or Identity Server Separated (Angular): yes / no
  • Exception message and stack trace:
  • Steps to reproduce the issue:

Hi

I'm using a library called AspNet.Security.OAuth.Providers to provide OAuth to a test abp solution. These are just specific OAuth extensions so it's easier to set up external logins.

For example I have a **non** abp MVC solution that uses:

    .AddGitHub(options =>
    {
        options.ClientId = Configuration["GitHub:ClientId"];
        options.ClientSecret = Configuration["GitHub:ClientSecret"];
        options.EnterpriseDomain = Configuration["GitHub:EnterpriseDomain"];
        options.Scope.Add("user:email");
        options.SaveTokens = true;
    });

When I use HttpContext.GetTokenAsync I get the access token which I can then use to call the github api. e.g. var accessToken = await HttpContext.GetTokenAsync("GitHub", "access_token");

When running the exact same code in ABP.IO the access token is null. I'm not sure if this is something to do with the auth implementation, but it would be great to be able to use the savetokens = true and access that token.

Thanks Chris


5 Answer(s)
  •
    maliming created
    Support Team Fullstack Developer

    hi

    Can you share a project that reproduces the problem with me? liming.ma@volosoft.com

  •
    chris.tune@gmail.com created

    > hi
    >
    > Can you share a project that reproduces the problem with me? liming.ma@volosoft.com

    Hi, I've invited you to a GitHub repo. Let me know if this was the right email address. It's a basic starter template MVC style, non-tiered.

    I've noticed that the token **does** come through on the initial authentication request - e.g. when registering. After that, it does not seem to come through. I think it might be associated with the external cookie, which then gets wiped out?

    The above was for a POC, but we are using the microservices solution in our production environment, so I'm guessing we would need to take a different approach to this as well, as the token would need to be handled by the identity server and then potentially stored in a cache?

    Cheers :)

  •
    maliming created
    Support Team Fullstack Developer

    hi

    ASP.NET Core Identity cleans up the external cookie, which includes the access_token etc.

    This is Microsoft's design.

  •
    maliming created
    Support Team Fullstack Developer

    hi

    Here is a solution that copies tokens from IdentityConstants.ExternalScheme to IdentityConstants.ApplicationScheme

    .AddGitHub(options =>
    {
        options.ClientId = "bdcc3";
        options.ClientSecret = "32e3";
    
        options.SaveTokens = true;
    
        options.ClaimActions.Remove(ClaimTypes.Email);
        options.ClaimActions.MapJsonKey(AbpClaimTypes.Email, "email");
    })
    
    using System.Threading.Tasks;
    using AspNet.Security.OAuth.GitHub;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Identity;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Logging;
    using Microsoft.Extensions.Options;
    using Volo.Abp.DependencyInjection;
    using IdentityUser = Volo.Abp.Identity.IdentityUser;
    
    namespace abp.social_test.Web;
    
    [Dependency(ServiceLifetime.Transient, ReplaceServices = true)]
    [ExposeServices(typeof(SignInManager<IdentityUser>))]
    public class MySignInManager : SignInManager<IdentityUser>
    {
        public MySignInManager(Microsoft.AspNetCore.Identity.UserManager<IdentityUser> userManager,
            IHttpContextAccessor contextAccessor,
            Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory<IdentityUser> claimsFactory,
            IOptions<IdentityOptions> optionsAccessor, ILogger<SignInManager<IdentityUser>> logger,
            IAuthenticationSchemeProvider schemes, IUserConfirmation<IdentityUser> confirmation) : base(userManager,
            contextAccessor, claimsFactory, optionsAccessor, logger, schemes, confirmation)
        {
        }
    
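        // Identity cleans up the external cookie after an external login, so the tokens that
        // SaveTokens = true placed there are copied into the application cookie's properties
        // before that cookie is issued.
        public override async Task SignInAsync(IdentityUser user, AuthenticationProperties authenticationProperties,
            string authenticationMethod = null)
        {
            if (authenticationMethod == GitHubAuthenticationDefaults.AuthenticationScheme) // is github external login
            {
                // The external cookie still exists at this point and carries the GitHub tokens.
                var githubAuthenticateResult = await Context.AuthenticateAsync(IdentityConstants.ExternalScheme);
                if (githubAuthenticateResult.Succeeded)
                {
                    if (githubAuthenticateResult.Properties != null)
                    {
                        // Copy every saved token (access_token etc.) to the application sign-in.
                        authenticationProperties.StoreTokens(githubAuthenticateResult.Properties.GetTokens());
                    }
                }
            }
    
            // Issue the application cookie, now including the copied tokens.
            await base.SignInAsync(user, authenticationProperties, authenticationMethod);
        }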
    }
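
Reading the token back once the override above is in place, as an added example that is not part of the thread or of ABP's own code: the copied tokens are stored with the application cookie, so the lookup names IdentityConstants.ApplicationScheme. The controller name, route, User-Agent string and the use of IHttpClientFactory (which assumes services.AddHttpClient() has been registered) are assumptions.

```csharp
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;

namespace abp.social_test.Web;

// Hypothetical controller: class name, route and User-Agent value are assumptions.
[Authorize]
[Route("github-profile")]
public class GitHubProfileController : Controller
{
    private readonly IHttpClientFactory _httpClientFactory;

    public GitHubProfileController(IHttpClientFactory httpClientFactory)
    {
        _httpClientFactory = httpClientFactory;
    }

    [HttpGet]
    public async Task<IActionResult> GetAsync()
    {
        // The SignInAsync override stored the tokens in the application cookie's properties.
        var accessToken = await HttpContext.GetTokenAsync(
            IdentityConstants.ApplicationScheme, "access_token");

        if (string.IsNullOrEmpty(accessToken))
        {
            // Signed in without GitHub, or with a cookie issued before the override was deployed.
            return BadRequest("No GitHub access token is stored for this session.");
        }

        // Use the token server-side only; do not log it or return it to the browser.
        using var request = new HttpRequestMessage(HttpMethod.Get, "https://api.github.com/user");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
        request.Headers.UserAgent.ParseAdd("social-test"); // GitHub's API requires a User-Agent header

        using var response = await _httpClientFactory.CreateClient().SendAsync(request);
        if (!response.IsSuccessStatusCode)
        {
            return StatusCode((int)response.StatusCode);
        }

        return Content(await response.Content.ReadAsStringAsync(), "application/json");
    }
}
```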
    

  •
    chris.tune@gmail.com created

    Awesome thanks so much!

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15