Open Closed

An error occurred in the single point single login project. The login jump cannot be directly adjusted to the authorization center, and the OpenId authorization error occurred #4906


User avatar
0
guoanjin created
  • ABP Framework version: v6.0&&.7.0
  • UI type: Blazor
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes / no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"An error occurred in the single point single login project. The login jump cannot be directly adjusted to the authorization center, and the OpenId authorization error occurred An unhandled exception occurred while processing the request. Exception: Correlation failed. Unknown location

Exception: An error was encountered while handling the remote login. Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()

Stack Query Cookies Headers Routing Exception: Correlation failed.

Show raw exception details Exception: An error was encountered while handling the remote login. Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync() Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) Microsoft.AspNetCore.Builder.UseMiddlewareExtensions+<>c__DisplayClass6_1+<<UseMiddlewareInterface>b__1>d.MoveNext() Volo.Abp.AspNetCore.Tracing.AbpCorrelationIdMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) Microsoft.AspNetCore.Builder.UseMiddlewareExtensions+<>c__DisplayClass6_1+<<UseMiddlewareInterface>b__1>d.MoveNext() Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context) Microsoft.AspNetCore.RequestLocalization.AbpRequestLocalizationMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) Microsoft.AspNetCore.Builder.UseMiddlewareExtensions+<>c__DisplayClass6_1+<<UseMiddlewareInterface>b__1>d.MoveNext() Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)

Show raw exception details System.Exception: An error was encountered while handling the remote login. ---> System.Exception: Correlation failed. --- End of inner exception stack trace --- at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync() at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context) at Volo.Abp.AspNetCore.Security.AbpSecurityHeadersMiddleware.InvokeAsync(HttpContext context, RequestDelegate next) at Microsoft.AspNetCore.Builder.UseMiddlewareExtensions.<>c__DisplayClass6_1.<

Auth Log Success: 2023-04-17 16:02:48.867 +08:00 [INF] Request starting HTTP/1.1 GET http://172.16.10.210:44322/connect/authorize?client_id=ReportDemo&redirect_uri=http%3A%2F%2F172.16.10.53%3A44338%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20AccountService%20IdentityService%20AdministrationService%20SaasService&response_mode=form_post&nonce=638173153688190603.ZmY0MDU5MGEtMTI1MC00ZDQxLTg0MzctN2QzMDAwOWQwMzk1NmQ5Zjk3NjgtMzVlNy00ZDI1LWFiMWYtNGJkNDFhNTM5OGZm&state=CfDJ8CGkFfOcMF9BqQuVqGjsPmkIO_RJaHC3UPXRnuqggiA0xSjcl6AeQE5aDLZPmdewUxtyNgutcksCgl1Gvq-lgEkfahB5TAU2OUSGpUIJWHQ71PUq6rBHTEhw3NQps8D7RsZbAqFqEcZdK-k9ySY6fExuAPSw9ue3kMst_yuCZdOiyfdg0rTN--S6IIdXcI01jOII6bUeCVbDOD8Nuv-0ouDYsMHTcuk470TDpTLAfoqXOuWwcN5iB8u97tsXfJ0wxjIkC8I1DOScaoK75qf1IgSvjjx_Qw4iSSyucInqJKyDsy4-PmU7WTCZvR5_zJVmaX5VBVAG7Ma1HFLC6vpfhCWXGg_fwLvLFpy4c6Eir-2Xveb7O-lzbXKQLnYiDA2B2P1nuxdMzUIm89oSOyBXJJM&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.11.1.0 - - 2023-04-17 16:02:48.868 +08:00 [INF] The request address matched a server endpoint: "Authorization". 2023-04-17 16:02:48.868 +08:00 [INF] The authorization request was successfully extracted: { "client_id": "ReportDemo", "redirect_uri": "http://172.16.10.53:44338/signin-oidc", "response_type": "code id_token", "scope": "openid profile roles email phone AccountService IdentityService AdministrationService SaasService", "response_mode": "form_post", "nonce": "638173153688190603.ZmY0MDU5MGEtMTI1MC00ZDQxLTg0MzctN2QzMDAwOWQwMzk1NmQ5Zjk3NjgtMzVlNy00ZDI1LWFiMWYtNGJkNDFhNTM5OGZm", "state": "CfDJ8CGkFfOcMF9BqQuVqGjsPmkIO_RJaHC3UPXRnuqggiA0xSjcl6AeQE5aDLZPmdewUxtyNgutcksCgl1Gvq-lgEkfahB5TAU2OUSGpUIJWHQ71PUq6rBHTEhw3NQps8D7RsZbAqFqEcZdK-k9ySY6fExuAPSw9ue3kMst_yuCZdOiyfdg0rTN--S6IIdXcI01jOII6bUeCVbDOD8Nuv-0ouDYsMHTcuk470TDpTLAfoqXOuWwcN5iB8u97tsXfJ0wxjIkC8I1DOScaoK75qf1IgSvjjx_Qw4iSSyucInqJKyDsy4-PmU7WTCZvR5_zJVmaX5VBVAG7Ma1HFLC6vpfhCWXGg_fwLvLFpy4c6Eir-2Xveb7O-lzbXKQLnYiDA2B2P1nuxdMzUIm89oSOyBXJJM", "x-client-SKU": "ID_NETSTANDARD2_0", "x-client-ver": "6.11.1.0" }. 2023-04-17 16:02:48.993 +08:00 [INF] The authorization request was successfully validated. 2023-04-17 16:02:48.999 +08:00 [INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' 2023-04-17 16:02:48.999 +08:00 [INF] Route matched with {action = "Handle", controller = "Authorize", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.AuthorizeController (Volo.Abp.OpenIddict.AspNetCore). 2023-04-17 16:02:48.999 +08:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy 2023-04-17 16:02:49.115 +08:00 [INF] Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal. 2023-04-17 16:02:49.338 +08:00 [INF] The authorization response was successfully returned to 'http://172.16.10.53:44338/signin-oidc' using the form post response mode: { "code": "[redacted]", "id_token": "[redacted]", "state": "CfDJ8CGkFfOcMF9BqQuVqGjsPmkIO_RJaHC3UPXRnuqggiA0xSjcl6AeQE5aDLZPmdewUxtyNgutcksCgl1Gvq-lgEkfahB5TAU2OUSGpUIJWHQ71PUq6rBHTEhw3NQps8D7RsZbAqFqEcZdK-k9ySY6fExuAPSw9ue3kMst_yuCZdOiyfdg0rTN--S6IIdXcI01jOII6bUeCVbDOD8Nuv-0ouDYsMHTcuk470TDpTLAfoqXOuWwcN5iB8u97tsXfJ0wxjIkC8I1DOScaoK75qf1IgSvjjx_Qw4iSSyucInqJKyDsy4-PmU7WTCZvR5_zJVmaX5VBVAG7Ma1HFLC6vpfhCWXGg_fwLvLFpy4c6Eir-2Xveb7O-lzbXKQLnYiDA2B2P1nuxdMzUIm89oSOyBXJJM" }. 2023-04-17 16:02:49.339 +08:00 [INF] Executed action Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 339.6067ms 2023-04-17 16:02:49.339 +08:00 [INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' 2023-04-17 16:02:49.341 +08:00 [INF] Request finished HTTP/1.1 GET http://172.16.10.210:44322/connect/authorize?client_id=ReportDemo&redirect_uri=http%3A%2F%2F172.16.10.53%3A44338%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20AccountService%20IdentityService%20AdministrationService%20SaasService&response_mode=form_post&nonce=638173153688190603.ZmY0MDU5MGEtMTI1MC00ZDQxLTg0MzctN2QzMDAwOWQwMzk1NmQ5Zjk3NjgtMzVlNy00ZDI1LWFiMWYtNGJkNDFhNTM5OGZm&state=CfDJ8CGkFfOcMF9BqQuVqGjsPmkIO_RJaHC3UPXRnuqggiA0xSjcl6AeQE5aDLZPmdewUxtyNgutcksCgl1Gvq-lgEkfahB5TAU2OUSGpUIJWHQ71PUq6rBHTEhw3NQps8D7RsZbAqFqEcZdK-k9ySY6fExuAPSw9ue3kMst_yuCZdOiyfdg0rTN--S6IIdXcI01jOII6bUeCVbDOD8Nuv-0ouDYsMHTcuk470TDpTLAfoqXOuWwcN5iB8u97tsXfJ0wxjIkC8I1DOScaoK75qf1IgSvjjx_Qw4iSSyucInqJKyDsy4-PmU7WTCZvR5_zJVmaX5VBVAG7Ma1HFLC6vpfhCWXGg_fwLvLFpy4c6Eir-2Xveb7O-lzbXKQLnYiDA2B2P1nuxdMzUIm89oSOyBXJJM&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.11.1.0 - - - 200 2040 text/html;charset=UTF-8 473.8640ms 2023-04-17 16:05:59.550 +08:00 [INF] Request starting HTTP/1.1 GET http://172.16.10.210:44322/connect/authorize?client_id=ReportDemo&redirect_uri=http%3A%2F%2F172.16.10.53%3A44338%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20AccountService%20IdentityService%20AdministrationService%20SaasService&response_mode=form_post&nonce=638173155594987024.OWZhOGY4NTItNWRmYy00ZTlkLWJjMmMtZTdkOTgxNjVlZmE5MTFjNzMzZjItZGQ1NS00NjY0LWJiNjctNjFkMDUzMjkxNGRj&state=CfDJ8CGkFfOcMF9BqQuVqGjsPmmJqmI-EwcjHbmqpvtNl8TS0PLaDROHgu9H2qAI-X3rFNbyktvqpgKzfJHUX0FPoOhkCpb4dEeVARyMprzG7Fw90eD6fVlOIARiTLijd0BJ9R-clnkQe9Hwa_cXGA_53ZZvpCcbSAe14T-HR_a0TVlf1vsVxnRAECphZSQx1AD_tAE__MsvSa7gQ616kyRRLjfTh2avHu8e_7pk6F8bVZrPmiIXoyHU9eHjHlNQiYoSl7BuUM3PW2CLeUYIaa7jSGXJcR45qF1bEJErVSaisL-2FwV9593tIFgxenotZhsgU07q_cuMZbN6o0j04FN6d8oDzSs7saMW_l10_5VZnje_qacaVm-NQ3ZpO9rYi4D-1o7TqXOWZBBPIhh3ExY-TgQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.11.1.0 - - 2023-04-17 16:05:59.551 +08:00 [INF] The request address matched a server endpoint: "Authorization". 2023-04-17 16:05:59.551 +08:00 [INF] The authorization request was successfully extracted: { "client_id": "ReportDemo", "redirect_uri": "http://172.16.10.53:44338/signin-oidc", "response_type": "code id_token", "scope": "openid profile roles email phone AccountService IdentityService AdministrationService SaasService", "response_mode": "form_post", "nonce": "638173155594987024.OWZhOGY4NTItNWRmYy00ZTlkLWJjMmMtZTdkOTgxNjVlZmE5MTFjNzMzZjItZGQ1NS00NjY0LWJiNjctNjFkMDUzMjkxNGRj", "state": "CfDJ8CGkFfOcMF9BqQuVqGjsPmmJqmI-EwcjHbmqpvtNl8TS0PLaDROHgu9H2qAI-X3rFNbyktvqpgKzfJHUX0FPoOhkCpb4dEeVARyMprzG7Fw90eD6fVlOIARiTLijd0BJ9R-clnkQe9Hwa_cXGA_53ZZvpCcbSAe14T-HR_a0TVlf1vsVxnRAECphZSQx1AD_tAE__MsvSa7gQ616kyRRLjfTh2avHu8e_7pk6F8bVZrPmiIXoyHU9eHjHlNQiYoSl7BuUM3PW2CLeUYIaa7jSGXJcR45qF1bEJErVSaisL-2FwV9593tIFgxenotZhsgU07q_cuMZbN6o0j04FN6d8oDzSs7saMW_l10_5VZnje_qacaVm-NQ3ZpO9rYi4D-1o7TqXOWZBBPIhh3ExY-TgQ", "x-client-SKU": "ID_NETSTANDARD2_0", "x-client-ver": "6.11.1.0" }. 2023-04-17 16:05:59.654 +08:00 [INF] The authorization request was successfully validated. 2023-04-17 16:05:59.658 +08:00 [INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' 2023-04-17 16:05:59.658 +08:00 [INF] Route matched with {action = "Handle", controller = "Authorize", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.AuthorizeController (Volo.Abp.OpenIddict.AspNetCore). 2023-04-17 16:05:59.658 +08:00 [INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy 2023-04-17 16:05:59.765 +08:00 [INF] Executing SignInResult with authentication scheme (OpenIddict.Server.AspNetCore) and the following principal: System.Security.Claims.ClaimsPrincipal. 2023-04-17 16:05:59.904 +08:00 [INF] The authorization response was successfully returned to 'http://172.16.10.53:44338/signin-oidc' using the form post response mode: { "code": "[redacted]", "id_token": "[redacted]", "state": "CfDJ8CGkFfOcMF9BqQuVqGjsPmmJqmI-EwcjHbmqpvtNl8TS0PLaDROHgu9H2qAI-X3rFNbyktvqpgKzfJHUX0FPoOhkCpb4dEeVARyMprzG7Fw90eD6fVlOIARiTLijd0BJ9R-clnkQe9Hwa_cXGA_53ZZvpCcbSAe14T-HR_a0TVlf1vsVxnRAECphZSQx1AD_tAE__MsvSa7gQ616kyRRLjfTh2avHu8e_7pk6F8bVZrPmiIXoyHU9eHjHlNQiYoSl7BuUM3PW2CLeUYIaa7jSGXJcR45qF1bEJErVSaisL-2FwV9593tIFgxenotZhsgU07q_cuMZbN6o0j04FN6d8oDzSs7saMW_l10_5VZnje_qacaVm-NQ3ZpO9rYi4D-1o7TqXOWZBBPIhh3ExY-TgQ" }. 2023-04-17 16:05:59.905 +08:00 [INF] Executed action Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore) in 246.6824ms 2023-04-17 16:05:59.905 +08:00 [INF] Executed endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' 2023-04-17 16:05:59.907 +08:00 [INF] Request finished HTTP/1.1 GET http://172.16.10.210:44322/connect/authorize?client_id=ReportDemo&redirect_uri=http%3A%2F%2F172.16.10.53%3A44338%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20AccountService%20IdentityService%20AdministrationService%20SaasService&response_mode=form_post&nonce=638173155594987024.OWZhOGY4NTItNWRmYy00ZTlkLWJjMmMtZTdkOTgxNjVlZmE5MTFjNzMzZjItZGQ1NS00NjY0LWJiNjctNjFkMDUzMjkxNGRj&state=CfDJ8CGkFfOcMF9BqQuVqGjsPmmJqmI-EwcjHbmqpvtNl8TS0PLaDROHgu9H2qAI-X3rFNbyktvqpgKzfJHUX0FPoOhkCpb4dEeVARyMprzG7Fw90eD6fVlOIARiTLijd0BJ9R-clnkQe9Hwa_cXGA_53ZZvpCcbSAe14T-HR_a0TVlf1vsVxnRAECphZSQx1AD_tAE__MsvSa7gQ616kyRRLjfTh2avHu8e_7pk6F8bVZrPmiIXoyHU9eHjHlNQiYoSl7BuUM3PW2CLeUYIaa7jSGXJcR45qF1bEJErVSaisL-2FwV9593tIFgxenotZhsgU07q_cuMZbN6o0j04FN6d8oDzSs7saMW_l10_5VZnje_qacaVm-NQ3ZpO9rYi4D-1o7TqXOWZBBPIhh3ExY-TgQ&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.11.1.0 - - - 200 2040 text/html;charset=UTF-8 356.2641ms

The operation steps are shown in the following figure:


13 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Can you check those?

    https://www.cnblogs.com/stulzq/p/13954245.html https://stackoverflow.com/questions/50262561/correlation-failed-in-net-core-asp-net-identity-openid-connect

  • User Avatar
    0
    guoanjin created

    Hi Why is external authorization login? The page will be called back to the registration page, not the login page of the authorization center

    Modified local configuration appsettings.json

    "Settings": { "Abp.Account.IsSelfRegistrationEnabled": false, "Abp.Account.EnableLocalLogin": false }

    Click the login button to adjust to the authorization center page

    http://172.16.10.210:44322/connect/authorize?client_id=ReportDemo&redirect_uri=http://172.16.10.53:44338/signin-oidc&response_type=code id_token&scope=openid profile roles email phone AccountService IdentityService AdministrationService SaasService&response_mode=form_post&nonce=638175511421012693.MjllNTM0MjItM2I4OC00YTQxLTkxMjYtZjA3OGJkMTZiYzVkMzMzMTJjZDAtZWI5YS00NWU1LTgwYzEtNDUyYzEzMzJjNDk5&state=CfDJ8CGkFfOcMF9BqQuVqGjsPmkUiAQ-qr26COAb3ZpYXfIqrhRENdHI3s0mNNF3oYFM42Fx-QSyj0E0E-3ksNYFFMna34WePuihsjAsn-CXAj4iuwH9sMHf6_QWZXtN5WRX8FYwUF3KYavo0ScSRcg9Za0MafqLM53zJbQndSBzbJd-MMNyIfGq1aRiy3mOPQ6XtdDeE1gvz1FFzlVO7k-sl0J2uI-hBaLBYE26eEy9KwjI6bFXjsM_Y7WhbcdAZRYCPMQ27hi1HBafp9EAZLiPFpiLnrUFxGe4lH2VKUTABD0ipzw_rdYEYlmNL61nYIUH_uCFaxj3aIZGQzoWIqCGPf9K6arD7oekcZaBPEqZQE8rFyMOo-Oe486hWjQx83cylEwldG-cE25zdx47SBct5Mg&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.11.1.0

    And immediately adjust tohttp://172.16.10.53:44338/Account/Register?IsExternalLogin=True&ExternalLoginAuthSchema=oidc

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    Because there is no local account here, you can try this:

    .AddOpenIdConnect(Azure...,options =>
    {
        var tokenValidated = options.Events.OnTokenValidated;
        options.Events.OnTokenValidated = validatedContext =>
        {
            tokenValidated.Invoke(validatedContext);
            validatedContext.Principal.AddClaim(AbpClaimTypes.Email, validatedContext.Principal.FindFirstValue(ClaimTypes.Email));
            return Task.CompletedTask;
        };
    })
    
  • User Avatar
    0
    guoanjin created

    Hi, Following your instructions, the same error occurred. The page that was redirected back is/Account/Register http://172.16.10.53:44338/Account/Register?IsExternalLogin=True&ExternalLoginAuthSchema=oidc

    the configuration as follow:

     .AddAbpOpenIdConnect("oidc", options =>
    
            {
    
                options.Authority = configuration["AuthServer:Authority"];
                options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]); ;
                options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
    
                options.ClientId = configuration["AuthServer:ClientId"];
                options.ClientSecret = configuration["AuthServer:ClientSecret"];
    
                options.SaveTokens = true;
                options.GetClaimsFromUserInfoEndpoint = true;
    
                options.Scope.Add("roles");
                options.Scope.Add("email");
                options.Scope.Add("phone");
                options.Scope.Add("AccountService");
                options.Scope.Add("IdentityService");
                options.Scope.Add("AdministrationService");
                options.Scope.Add("SaasService");
                //options.Scope.Add("ProductService");
                //options.Scope.Add("ElsaService");
    
                var tokenValidated = options.Events.OnTokenValidated;
                options.Events.OnTokenValidated = validatedContext =>
                {
                    tokenValidated.Invoke(validatedContext);
                    validatedContext.Principal.AddClaim(AbpClaimTypes.Email, validatedContext.Principal.FindFirstValue(ClaimTypes.Email));
                    return Task.CompletedTask;
                };
    
    
            });
    
    .AddOpenIdConnect(Azure...,options => 
    { 
        var tokenValidated = options.Events.OnTokenValidated; 
        options.Events.OnTokenValidated = validatedContext => 
        { 
            tokenValidated.Invoke(validatedContext); 
            validatedContext.Principal.AddClaim(AbpClaimTypes.Email, validatedContext.Principal.FindFirstValue(ClaimTypes.Email)); 
            return Task.CompletedTask; 
        }; 
    }) 
    
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I can't reproduce the problem

    .AddOpenIdConnect("AzureOpenId", "Azure AD OpenId", options =>
    {
        options.Authority = "https://login.microsoftonline.com/" + configuration["AzureAd:TenantId"] + "/v2.0/";
        options.ClientId = configuration["AzureAd:ClientId"];
        options.ResponseType = OpenIdConnectResponseType.CodeIdToken;
        options.CallbackPath = configuration["AzureAd:CallbackPath"];
        options.ClientSecret = configuration["AzureAd:ClientSecret"];
        options.RequireHttpsMetadata = false;
        options.SaveTokens = true;
        options.GetClaimsFromUserInfoEndpoint = true;
        options.Scope.Add("email");
        options.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "sub");
        
        var onTokenValidated = options.Events.OnTokenValidated;
        options.Events.OnTokenValidated = validatedContext =>
        {
            validatedContext.Principal.AddClaim(AbpClaimTypes.Email, 
                validatedContext.Principal.FindFirstValue(ClaimTypes.Email));
            return onTokenValidated.Invoke(validatedContext);
        };
    })
    

  • User Avatar
    0
    guoanjin created

    hi Can you send me your demo? I'll compare it

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    ok. What's your email?

  • User Avatar
    0
    guoanjin created

    hi
    My email: 276389409@qq.com, thank you

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I shared the project with you, please check it

  • User Avatar
    0
    guoanjin created

    hi Why is the permission policy empty after authorized login?

     "auth": {
        "grantedPolicies": {}
      },
      "setting": {
        "values": {
          "Abp.Localization.DefaultLanguage": "en",
          "Abp.Timing.TimeZone": "UTC",
          "Abp.Identity.Password.RequiredLength": "6",
          "Abp.Identity.Password.RequiredUniqueChars": "1",
          "Abp.Identity.Password.RequireNonAlphanumeric": "True",
          "Abp.Identity.Password.RequireLowercase": "True",
          "Abp.Identity.Password.RequireUppercase": "True",
          "Abp.Identity.Password.RequireDigit": "True",
          "Abp.Identity.Lockout.AllowedForNewUsers": "True",
          "Abp.Identity.Lockout.LockoutDuration": "300",
          "Abp.Identity.Lockout.MaxFailedAccessAttempts": "5",
          "Abp.Identity.SignIn.RequireConfirmedEmail": "False",
          "Abp.Identity.SignIn.EnablePhoneNumberConfirmation": "True",
          "Abp.Identity.SignIn.RequireConfirmedPhoneNumber": "False",
          "Abp.Identity.User.IsUserNameUpdateEnabled": "True",
          "Abp.Identity.User.IsEmailUpdateEnabled": "True",
          "Abp.Identity.OrganizationUnit.MaxUserMembershipCount": "2147483647",
          "Abp.Identity.TwoFactor.Behaviour": "Optional",
          "Abp.Identity.TwoFactor.UsersCanChange": "True",
          "Abp.Account.EnableLdapLogin": "false",
          "Abp.Identity.EnableOAuthLogin": "false",
          "Abp.Identity.OAuthLogin.Authority": null,
          "Abp.Identity.OAuthLogin.ClientId": null,
          "Abp.Identity.OAuthLogin.ClientSecret": null,
          "Abp.Identity.OAuthLogin.Scope": null,
          "Abp.Identity.OAuthLogin.RequireHttpsMetadata": "false",
          "Abp.Identity.OAuthLogin.ValidateEndpoints": "false",
          "Abp.Identity.OAuthLogin.ValidateIssuerName": "false",
          "Abp.Account.IsSelfRegistrationEnabled": "False",
          "Abp.Account.EnableLocalLogin": "False",
          "Abp.Account.TwoFactorLogin.IsRememberBrowserEnabled": "true",
          "Abp.Account.Captcha.UseCaptchaOnLogin": "false",
          "Abp.Account.Captcha.UseCaptchaOnRegistration": "false",
          "Abp.Account.Captcha.VerifyBaseUrl": "https://www.google.com/",
          "Abp.Account.Captcha.SiteKey": null,
          "Abp.Account.Captcha.Version": "3",
          "Abp.Account.Captcha.Score": "0.5",
          "Abp.Account.ProfilePictureSource": "False",
          "Volo.Abp.LeptonTheme.Layout.Boxed": "False",
          "Volo.Abp.LeptonTheme.Layout.MenuPlacement": "Left",
          "Volo.Abp.LeptonTheme.Layout.MenuStatus": "AlwaysOpened",
          "Volo.Abp.LeptonTheme.Style": "Style6",
          "Volo.Abp.LeptonTheme.Style.PublicLayout": "Style1"
        }
      },
      "currentUser": {
        "isAuthenticated": true,
        "id": "0d08f47e-23b7-b89c-45bd-3a0ab4f41e11",
        "tenantId": null,
        "impersonatorUserId": null,
        "impersonatorTenantId": null,
        "impersonatorUserName": null,
        "impersonatorTenantName": null,
        "userName": "test@qq.com",
        "name": "test",
        "surName": "test",
        "email": "test@qq.com",
        "emailVerified": false,
        "phoneNumber": null,
        "phoneNumberVerified": false,
        "roles": []
      },
    
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    I think there is a new account without any roles, you can add some roles to the account

  • User Avatar
    0
    guoanjin created

    Hi,

    After authorized login, a new user was indeed created again

    Now the subsystem wants to retrieve user permissions, roles, and other information directly from the authorization center

    Rebuilding seems to violate single sign on

    Is there any way

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    You can check this: https://support.abp.io/QA/Questions/2289/Problemin-assign-a-new-role-to-the-user#answer-3a84594d-c1aa-e342-7885-3a010d738f2e

    It immediately refreshes the current user's roles

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15