Open Closed

Impersonation of user within a specific tenant is not working #5173


User avatar
0
bhasinp created
  • ABP Framework version: v5.1.3
  • UI type: Angular
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): yes / no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

Hi Team,

Impersonation works fine in case I Impersonate the user from master tenant.

When I logged into a specific tenant and try to impersonate user its not working Request: /connect/token (400 bad request) Reponse:"error": "invalid_request"

I checked and __tenant header is passing correctly

Form Body is as followed

access_token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjFDNUMzM0IwNjY0MDczNTYxRDE3N0RDMzAyMDkzM0VCIiwidHlwIjoiYXQrand0In0.eyJuYmYiOjE2ODU1MjI3ODgsImV4cCI6MTcxNzA1ODc4OCwiaXNzIjoiaHR0cHM6Ly9tb3RydjIuY29tOjQ0MzY4IiwiYXVkIjoibW90ciIsImNsaWVudF9pZCI6Im1vdHJfQXBwIiwic3ViIjoiODAxOGQ2OWMtODQ3Ny0zN2VhLWRjOTEtM2EwYTg4OGY3OGFjIiwiYXV0aF90aW1lIjoxNjg1NTIyNzgwLCJpZHAiOiJsb2NhbCIsInRlbmFudGlkIjoiMzdmNjAyZjAtZjg5NS0yYTAwLTdkNzctM2EwYTg4OGY3NjYzIiwiaHR0cDovL3NjaGVtYXMueG1sc29hcC5vcmcvd3MvMjAwNS8wNS9pZGVudGl0eS9jbGFpbXMvZ2l2ZW5uYW1lIjoiYWRtaW4iLCJ1bmlxdWVfbmFtZSI6ImFkbWluIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJnaXZlbl9uYW1lIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4iLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOiJGYWxzZSIsImVtYWlsIjoibWlrZS50b2JpYXNAbWVyY2FuaXguY29tIiwiZW1haWxfdmVyaWZpZWQiOiJGYWxzZSIsImVkaXRpb25pZCI6IjkwY2UzZGVlLWVmNjEtYmU4Ni1jZDJkLTNhMDFmMWIzZDA3NyIsIm5hbWUiOiJhZG1pbiIsInNpZCI6IjkxRkZCMkY5MEFERkVBMUVBMENGNDc5NTA5MDJFNjhEIiwiaWF0IjoxNjg1NTIyNzg4LCJzY29wZSI6WyJvcGVuaWQiLCJtb3RyIiwib2ZmbGluZV9hY2Nlc3MiXSwiYW1yIjpbInB3ZCJdfQ.V0D_5BxCvv_LVufBrKq-yrckIQpbh4TWdwH9TwFZK6B3OXLUrLK8ONOM5irIFgmx3_dSQnKSgsWqxc_L8OInqfdTw2i3eqBPU1q2PRUAPh7uvQiLR_2a7iib3YVrtAmOka9sOz5ajsnqrC4z4-l-9ah9zyvT2yF-16bXEMlZALLSpo__Hmm0YwtcDAX1EP3y__ja6VjiSB6aJxzU0FGsoJlENznRv0voWU--Uqfx6DnrgkZZLvLN5OopRDHPYjKDHVgSvpw_vo47DMxz571fGcOB-wc9n47gY5GJtRhEJdog2wBL-j0rdCKYNskDmd9dzeGmb_2PnBLZTzwvoBThbw grant_type: Impersonation Client_Id: xxxx_App Client_Secret: null TenantId: xxx-xxx-x-xx--x UserId: exxxxe5f-e668-3be9-f01d-3a0b8341fxxx


4 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Reponse:"error": "invalid_request"

    Could you share the full error logs? thanks.

  • User Avatar
    0
    bhasinp created

    Hi Thanks for reply

    Here are the logs.

    https://drive.google.com/file/d/14iT1yi5WXJBtT6OfSlyJmsYsWbh8OvVK/view?usp=drive_link

    Thanks

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer
    System.ArgumentNullException: Value cannot be null. (Parameter 'value')
       at System.Security.Claims.Claim..ctor(String type, String value, String valueType, String issuer, String originalIssuer, ClaimsIdentity subject, String propertyKey, String propertyValue)
       at System.Security.Claims.Claim..ctor(String type, String value)
       at Volo.Abp.Account.Web.ExtensionGrantValidators.ImpersonationExtensionGrantValidator.ImpersonateUserAsync(ExtensionGrantValidationContext context, Nullable`1 tenantId, Guid userId) in D:\Teams\Work\Initto\mot-r-V2\aspnet-core\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Public.Web.IdentityServer\ExtensionGrantValidators\ImpersonationExtensionGrantValidator.cs:line 242
       at Volo.Abp.Account.Web.ExtensionGrantValidators.ImpersonationExtensionGrantValidator.ValidateAsync(ExtensionGrantValidationContext context) in D:\Teams\Work\Initto\mot-r-V2\aspnet-core\modules\Volo.Account.Pro\src\Volo.Abp.Account.Pro.Public.Web.IdentityServer\ExtensionGrantValidators\ImpersonationExtensionGrantValidator.cs:line 124
       at IdentityServer4.Validation.ExtensionGrantValidator.ValidateAsync(ValidatedTokenRequest request)
    

    Abp is trying to add the current tenant's name to the claims, but the tenant's name is null. Can you check this tenant?

  • User Avatar
    0
    bhasinp created

    Hi Team,

    Thanks, this resolved my issue.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09