geegee created
We would like to enable our Tenants to register their own applications (Clients) in OpenIddict. Their registered applications can then access the data in that Tenant only.
Is this possible?
- ABP Framework version: v7.0.1
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
1 Answer(s)
Hi,
Yes, it's possible.
Just an idea:
You can create a new page to allow the tenant to register their own application.
- Use the Object Extension System to add a new property TenantId to the OpenIddictApplications entity.
- Set the current TenantId when the tenant registers the application.
- Customize the TokenController to determine the current tenant from the application (client).
Here are the TokenController methods you need to override:
- https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.AuthorizationCode.cs#L17
- https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.DeviceCode.cs#L17
- https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.Password.cs#L38
- https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.RefreshToken.cs#L17
ClientCredentials
You need to add TenantId to the AccessToken: https://github.com/abpframework/abp/blob/dev/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/Controllers/TokenController.ClientCredentials.cs#L34
Application name should be unique even for different tenants.
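
The tenant-binding logic described in the answer above, as an added example that is not part of the original answer and is not ABP or OpenIddict code. `ClientRegistry`, `RegisteredClient`, the claim names and the `requestedTenant` parameter are hypothetical stand-ins for the extended application entity and the overridden token endpoint; the sample tenants and clients are constructed.

```csharp
using System;
using System.Collections.Generic;

// Constructed sample data: two tenants, each registering one client.
var registry = new ClientRegistry();
var tenantA = Guid.NewGuid();
var tenantB = Guid.NewGuid();
registry.Register("reporting-app", tenantA);
registry.Register("billing-app", tenantB);

// The caller hints at tenant B, but the claim is taken from the stored client (tenant A).
var claims = registry.IssueClientCredentialsClaims("reporting-app", requestedTenant: tenantB);
Console.WriteLine(claims["tenantid"] == tenantA.ToString());

// Re-using a name from another tenant is rejected.
try { registry.Register("reporting-app", tenantB); }
catch (InvalidOperationException e) { Console.WriteLine(e.Message); }

// Hypothetical stand-in for an application row carrying the extra TenantId property.
public sealed record RegisteredClient(string Name, Guid TenantId);

public sealed class ClientRegistry
{
    // Keyed by name across ALL tenants, so a name can never resolve to two tenants.
    private readonly Dictionary<string, RegisteredClient> _clients =
        new(StringComparer.OrdinalIgnoreCase);

    // currentTenantId is the tenant of the signed-in user doing the registration,
    // taken from the server-side session, not from a form field.
    public RegisteredClient Register(string name, Guid currentTenantId)
    {
        if (_clients.ContainsKey(name))
            throw new InvalidOperationException($"Application name '{name}' is already taken.");
        var client = new RegisteredClient(name, currentTenantId);
        _clients.Add(name, client);
        return client;
    }

    // Models the client-credentials branch: requestedTenant stands for any
    // tenant hint sent by the caller (header, query string) and is ignored.
    public Dictionary<string, string> IssueClientCredentialsClaims(string clientName, Guid? requestedTenant)
    {
        if (!_clients.TryGetValue(clientName, out var client))
            throw new InvalidOperationException("Unknown client.");
        return new Dictionary<string, string>
        {
            ["sub"] = client.Name,
            ["tenantid"] = client.TenantId.ToString(),
        };
    }
}
```

The same rule applies to the other grant types listed above: the tenant is looked up from the application record that the client authenticated as, and the lookup key is unique across tenants.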