Open Closed

Resource Owner Password Flow logout redirects to incorrect login url #5218


User avatar
0
krapholo created

If you're creating a bug report, please include the followings:

  • ABP Framework version: v7.2.2
  • UI type: Angular
  • DB provider: EF Core
  • Identity Server Separated (Angular): Yes
  • Exception message and stack trace: We picked up the below error: which seems to originate from here: is there a configuration to maybe set the return URL? we tried setting the identity post-logout URL but that also does not work.
  • Steps to reproduce the issue:"
  1. Open the home page on http://localhost:4200/
  2. Click on the login lint which navigates the user to http://localhost:4200/account/login
  3. Enter the user name and password then click login which navigates the user back to http://localhost:4200/
  4. Click logout which navigates the user to https://localhost:44336/Account/Login instead of http://localhost:4200/account/login

environment.ts file sample

import { Environment } from '@abp/ng.core';

const baseUrl = 'http://localhost:4200';

const oAuthConfig = {
  issuer: 'https://localhost:44336/',
  redirectUri: baseUrl,
  clientId: 'MyApp_App',
  dummyClientSecret: '1q2w3e*',
  scope: 'offline_access MyApp',
  showDebugInformation: true,
  oidc: false,
  requireHttps: true,
};

export const environment = {
  production: false,
  application: {
    baseUrl,
    name: 'MyApp',
  },
  oAuthConfig,
  apis: {
    default: {
      url: 'https://localhost:44360',
      rootNamespace: 'MyApp',
    },
    AbpAccountPublic: {
      url: oAuthConfig.issuer,
      rootNamespace: 'MyApp',
    },
  },
} as Environment;


29 Answer(s)
  • User Avatar
    0
    krapholo created

    Hi Mahmut,
    any feedback on this ticket? I added some new details in the exception message stack trace section

  • User Avatar
    0
    Long.Nguyen created

    Hi @krapholo, Let me have a look at this.

  • User Avatar
    0
    Long.Nguyen created

    Hi, Could you please double check in database, table "OpenIddictApplications" and query the records of redirect URIs like the following:

    Normally, the Redirect Uris would be added into database by DataSeeder which execute at first run of the .DbMigrator project.

  • User Avatar
    0
    krapholo created

    Hi @Long.Nguyen,

    We are still using Identity server we have not yet migrated to OpenIddict.

    our client redirect links have been set on the IDENTITYSERVERCLIENTREDIRECTURIS and IDENTITYSERVERCLIENTPOSTLOGOUTREDIRECTURIS see below images.

    However, we are still being redirected to the incorrect login page.

  • User Avatar
    0
    Long.Nguyen created

    Hi, In the provided environment.ts: clientId: 'MyApp_App',

    In the database, the ClientId looks different. Could you please double check ?

  • User Avatar
    0
    Long.Nguyen created

    You could login to Host by admin account, on left menu click Identity Server>Clients, pick your app client, click Actions>Edit, go to Application Urls menu, select Signout and configure your signout/logout urls here. We can define multiple values.

  • User Avatar
    0
    krapholo created

    Hi @Long.Nguyen yes that is correct the environment app name on our side is different in the environment file was just to display the setting that we are using on our side. The client_id all correlates on our side between what we have on the Db as well as what we have on the settings page. this is the actual client id in our environemnt.ts

  • User Avatar
    0
    Long.Nguyen created

    Hi, Could you please double check connectionstrings in appsettings of both Host and IdentityServer project to see if they connect to the same db ?

  • User Avatar
    0
    krapholo created

    Hi, the connection strings are correct for both the host and identity server on our side.

  • User Avatar
    0
    krapholo created

    Hi @Long.Nguyen,

    anything else we could possibly try?

    also, we upgraded from version 5.2.1 to version 7.2.2 using the migration guides in the documentation.

    The redirect used to work on version 5.2.1.

  • User Avatar
    0
    Long.Nguyen created

    Hmm, everything seems to be fine. Did you try to refresh page, clear any caches ?

  • User Avatar
    0
    krapholo created

    Hi Long.Nguyen,

    I have tried refreshes even doing a hard refresh(ctrl + f5) and also clearing the browser cache as well and that still does not work

    could the have been an update in the latest version of ABP that maybe introduced a new configuration that we need to add?

    Because we did not make any identity server changes other than upgrading to the latest version of ABP.

    Also, why can't identity server find the post logout URL, when it is already being set in the environment.ts file or configure the signout URL on the identity clients page/or use db migrations? currently, none of these options are working at the moment and they worked on the previous version we were on. Please see the logs attached above and below here.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Please share the full HTTP request logs of your Identity Server during logout. Thanks

    liming.ma@volosoft.com

  • User Avatar
    0
    krapholo created

    Hi @maliming

    I've sent the logs attached to a text file to your email address.

  • User Avatar
    0
    krapholo created

    Hi @maliming

    I've also sent the more detailed logs via text file to your email address.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thanks. I will check it asap

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi krapholo

    The logs seem to be incomplete.

    Please delete Logs.txt first, then run the backend and angular. End the application after reproducing the problem and share Logs.txt.

    Try to set log level to Debug.

    public class Program
    {
        public async static Task<int> Main(string[] args)
        {
            Log.Logger = new LoggerConfiguration()
                .MinimumLevel.Debug()
                .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
                .Enrich.FromLogContext()
                .WriteTo.Async(c => c.File("Logs/logs.txt"))
                .WriteTo.Async(c => c.Console())
                .CreateLogger();
    
  • User Avatar
    0
    krapholo created

    Hi @maliming,

    I generated new logs with the minimum level set to debug and emailed them to you.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Thanks, Our angular team will confirm this.

  • User Avatar
    0
    krapholo created

    Hi @maliming, thanks hopefully we can get some feedback today.

  • User Avatar
    0
    mahmut.gundogdu created

    Hi @maliming, thanks hopefully we can get some feedback today. I have created app (7.2.2). Remove responseCode ine environment.ts

    I couldn't produce

  • User Avatar
    0
    krapholo created

    Hi @mahmut.gundogdu,

    that is strange can you please send us a sample of the environment.ts file that was used to compare with our one?

    also please send us the db logs for identity server tables for the redirect/post-redirect link configuration.

    I'm also assuming that the solution uses Identity server instead of openiddict?

    Oh, also we are not using the new LeptonX theme yet.

  • User Avatar
    0
    mahmut.gundogdu created

    Hi @mahmut.gundogdu,

    that is strange can you please send us a sample of the environment.ts file that was used to compare with our one?

    also please send us the db logs for identity server tables for the redirect/post-redirect link configuration.

    I'm also assuming that the solution uses Identity server instead of openiddict?

    Oh, also we are not using the new LeptonX theme yet.

    1. sure. You can create DemoApp with cli (a demo applications don't affect your credit). My Env https://gist.github.com/mahmut-gundogdu/0b5e8facbb106bfd9f7ce46af5fca8ff

    I will try with identity-server. I guess,You don't have to set redirect link. just comment the response code. it should works. isn't it @maliming?

  • User Avatar
    0
    krapholo created

    Hi @mahmut.gundogdu,

    I have had a look at the environment.ts file and we have the same configuration but the redirect is still not working as expected.

    Please let me know how the identity-server test goes, also please try and use the normal lepton theme we have not migrated to lepton x yet.

  • User Avatar
    0
    krapholo created

    Hi @mahmut.gundogdu,

    that is strange can you please send us a sample of the environment.ts file that was used to compare with our one?

    also please send us the db logs for identity server tables for the redirect/post-redirect link configuration.

    I'm also assuming that the solution uses Identity server instead of openiddict?

    Oh, also we are not using the new LeptonX theme yet.

    1. sure. You can create DemoApp with cli (a demo applications don't affect your credit). My Env https://gist.github.com/mahmut-gundogdu/0b5e8facbb106bfd9f7ce46af5fca8ff

    I will try with identity-server. I guess,You don't have to set redirect link. just comment the response code. it should works. isn't it @maliming?

    Hi @mahmut.gundogdu, any feedback on the Identity server using the normal Lepton theme test?

Made with ❤️ on ABP v9.1.0-preview. Updated on December 05, 2024, 12:19