Open Closed

Social Logins with SaveTokens = true not saving tokens? #2604


User avatar
0
chris.tune@gmail.com created

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples, to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, please use the search on the homepage.

If you're creating a bug/problem report, please include followings:

  • ABP Framework version: v5.1.3
  • UI type: MVC
  • DB provider: EF Core / MongoDB
  • Tiered (MVC) or Identity Server Separated (Angular): yes / no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

Hi

I'm using a library called AspNet.Security.OAuth.Providers to provide OAuth to a test abp solution. These are just specific OAuth extensions so it's easier to set up external logins.

For example I have a **non **abp MVC solution that uses:

.AddGitHub(options => { options.ClientId = Configuration["GitHub:ClientId"]; options.ClientSecret = Configuration["GitHub:ClientSecret"]; options.EnterpriseDomain = Configuration["GitHub:EnterpriseDomain"]; options.Scope.Add("user:email"); options.SaveTokens = true; });

When I use HttpContext.GetTokenAsync I get the access token which I can then use to call the github api. e.g. var accessToken = await HttpContext.GetTokenAsync("GitHub", "access_token");

When running the exact same code in ABP.IO the access token is null. I'm not sure if this is something to do with the auth implementation, but it would be great to be able to use the savetokens = true and access that token.

Thanks Chris


5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Can you share a project that reproduces the problem with me? liming.ma@volosoft.com

  • User Avatar
    0
    chris.tune@gmail.com created

    hi

    Can you share a project that reproduces the problem with me? liming.ma@volosoft.com

    Hi, I've invited you to a git hub repo. Let me know if this was the right email address. It's a basic starter template MVC style, non-tiered.

    I've noticed that the token **does **come through on the initial authentication request - e.g. when registering. After that, it does not seem to come through. I think it might be associated with the external cookie, which then gets wiped out?

    The above was for a POC, but - We are using the microservices solution in our production environment, so I'm guessing we would need to take a different approach to this as well as the token would need to be handled by the identity server and then potentially stored in a cache?

    Cheers :)

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The ASP NET Core Identity cleans up the external cookie which includes the access_token etc.

    This is Microsoft Design.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Here is a solution that copy tokens from IdentityConstants.ExternalScheme to IdentityConstants.ApplicationScheme

    .AddGitHub(options =>
    {
        options.ClientId = "bdcc3";
        options.ClientSecret = "32e3";
    
        options.SaveTokens = true;
    
        options.ClaimActions.Remove(ClaimTypes.Email);
        options.ClaimActions.MapJsonKey(AbpClaimTypes.Email, "email");
    })
    
    
    
    
    
    using System.Threading.Tasks;
    using AspNet.Security.OAuth.GitHub;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Http;
    using Microsoft.AspNetCore.Identity;
    using Microsoft.Extensions.DependencyInjection;
    using Microsoft.Extensions.Logging;
    using Microsoft.Extensions.Options;
    using Volo.Abp.DependencyInjection;
    using IdentityUser = Volo.Abp.Identity.IdentityUser;
    
    namespace abp.social_test.Web;
    
    [Dependency(ServiceLifetime.Transient, ReplaceServices = true)]
    [ExposeServices(typeof(SignInManager<IdentityUser>))]
    public class MySignInManager : SignInManager<IdentityUser>
    {
        public MySignInManager(Microsoft.AspNetCore.Identity.UserManager<IdentityUser> userManager,
            IHttpContextAccessor contextAccessor,
            Microsoft.AspNetCore.Identity.IUserClaimsPrincipalFactory<IdentityUser> claimsFactory,
            IOptions<IdentityOptions> optionsAccessor, ILogger<SignInManager<IdentityUser>> logger,
            IAuthenticationSchemeProvider schemes, IUserConfirmation<IdentityUser> confirmation) : base(userManager,
            contextAccessor, claimsFactory, optionsAccessor, logger, schemes, confirmation)
        {
        }
    
        public override async Task SignInAsync(IdentityUser user, AuthenticationProperties authenticationProperties,
            string authenticationMethod = null)
        {
            if (authenticationMethod == GitHubAuthenticationDefaults.AuthenticationScheme) // is github external login
            {
                var githubAuthenticateResult = await Context.AuthenticateAsync(IdentityConstants.ExternalScheme);
                if (githubAuthenticateResult.Succeeded)
                {
                    if (githubAuthenticateResult.Properties != null)
                    {
                        authenticationProperties.StoreTokens(githubAuthenticateResult.Properties.GetTokens());
                    }
                }
            }
    
            await base.SignInAsync(user, authenticationProperties, authenticationMethod);
        }
    }
    

  • User Avatar
    0
    chris.tune@gmail.com created

    Awesome thanks so much!

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38