Open Closed

Token Create #5792


User avatar
0
yunusemrecaglar created
  • ABP Framework version: v7.2.2
  • UI Type: Blazor Server
  • Database System: EF Core (SQL Server, Oracle, MySQL, PostgreSQL, etc..)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes

Hello, I have two projects. both of them are monolith projects. Let's call them Project A and Project B. In Project A, I can provide a token to Project B through the Auth Server in Project A and perform user authentication. The Auth Server in Project B is non-functional and disabled. Project B is making a request to an endpoint in Project A, but it says it's an unauthorized operation. The tokens are different; they contain information like 'b_BlazorTiered.' How can I obtain the token from Project A in Project B?


14 Answer(s)
  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    Can you confirm the Project B BlazorServerModule authentication configuration does it points to project A auth server?

    appsettings,json

  • User Avatar
    0
    yunusemrecaglar created

    Yes, they are performing identity verification from the same place. That part is working. When I try to access the endpoint from project B to project A, it gives a 401 error.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    is it possible for you to share accesstoken that is being used or decoded details from jwt.io?

  • User Avatar
    0
    yunusemrecaglar created

    The token of project B.

    eyJhbGciOiJSUzI1NiIsImtpZCI6IjZDMzYwQjU1MUI2MjA4ODU4QjIzOEJCNkU5QzBDQTUyRjQ5RjNBMUIiLCJ4NXQiOiJiRFlMVlJ0aUNJV0xJNHUyNmNES1V2U2ZPaHMiLCJ0eXAiOiJhdCtqd3QifQ.eyJzdWIiOiI2ZTllYzU0Yy0zY2E3LTQ0YTgtZTU0Yy0zYTBiZjZiNTg1MTYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImVtYWlsIjoieXVudXNlbXJlY2FnbGFyQGVyY2l5ZXMuZWR1LnRyIiwicm9sZSI6IlN1cGVyIEFkbWluIiwiZ2l2ZW5fbmFtZSI6IllVTlVTIEVNUkUiLCJmYW1pbHlfbmFtZSI6IsOHQcSeTEFSIiwicGhvbmVfbnVtYmVyIjoiMDUwNzA0NDU2ODMiLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOiJUcnVlIiwiZW1haWxfdmVyaWZpZWQiOiJUcnVlIiwidW5pcXVlX25hbWUiOiJhZG1pbiIsIm9pX3Byc3QiOiJPYml5b3Npc19CbGF6b3JTZXJ2ZXJUaWVyZWQiLCJpc3MiOiJodHRwczovL3BieXNpZGVudGl0eS5lcmNpeWVzLmVkdS50ci8iLCJvaV9hdV9pZCI6Ijc1OGI3NGQ2LTQxYWEtMDk2OC0yNDBkLTNhMGRhNWVkMDQ2OCIsImNsaWVudF9pZCI6Ik9iaXlvc2lzX0JsYXpvclNlcnZlclRpZXJlZCIsIm9pX3Rrbl9pZCI6ImQ1NjkwYWI3LTg2M2QtYjFiYi01MDJlLTNhMGRhNzZmMTZkYiIsImF1ZCI6Ik9iaXlvc2lzIiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSByb2xlcyBlbWFpbCBwaG9uZSBPYml5b3NpcyIsImp0aSI6ImRjOTNhNzU2LTk2MGYtNDAwYS1hOWIzLWE4ZjViNTVhOTJlMiIsImV4cCI6MTY5NDcyNDg2MSwiaWF0IjoxNjk0NzIxMjYxfQ.L6Y83-6LepZKQChMdKqdN1wE_w9gHhZrvraIZIfVwhJShKXxSHefYeplUWRjkD5FYDdm6zIZRhbvPlMugXaHAESDmBABbVfKKo_n6LNub59FkQ78SpL6PJeu5wgzUj48AWUYjFBFEqP7TJ92OAldTOrWwgHraygMnL2OkB0TDRqq_-1T6iWULdsGCjxsfxmBQFLMyoVzTO_AALAur3n3qxa6beCvy6K6Wi8VsrKJ7b7wLT0OVMUYh37ho984h3XSDFta6YC7f1TvyZNv1idCHfQly2SN1Li_BRqeGpostO2Wxs8fvBGSjPpkXipmD_ZDXEEMA2QBzBYxJNNa01d38g

    The token of project A.

    eyJhbGciOiJSUzI1NiIsImtpZCI6IkI4NzIxMjExMkNDNTVDMTFFOTFDMTdFNzAzMTM5RDFGRTYwMzlBNDYiLCJ4NXQiOiJ1SElTRVN6RlhCSHBIQmZuQXhPZEgtWURta1kiLCJ0eXAiOiJhdCtqd3QifQ.eyJzdWIiOiI2ZTllYzU0Yy0zY2E3LTQ0YTgtZTU0Yy0zYTBiZjZiNTg1MTYiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJhZG1pbiIsImVtYWlsIjoieXVudXNlbXJlY2FnbGFyQGVyY2l5ZXMuZWR1LnRyIiwicm9sZSI6IlN1cGVyIEFkbWluIiwiZ2l2ZW5fbmFtZSI6IllVTlVTIEVNUkUiLCJmYW1pbHlfbmFtZSI6IsOHQcSeTEFSIiwicGhvbmVfbnVtYmVyIjoiMDUwNzA0NDU2ODMiLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOiJUcnVlIiwiZW1haWxfdmVyaWZpZWQiOiJUcnVlIiwidW5pcXVlX25hbWUiOiJhZG1pbiIsIm9pX3Byc3QiOiJQYnlzX0JsYXpvclNlcnZlclRpZXJlZF9Mb2NhbCIsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0OjQ0MzM1LyIsIm9pX2F1X2lkIjoiYTM3OTk1N2ItMDExMy1kY2YxLWJmN2YtM2EwYmY5MmM3N2JhIiwiY2xpZW50X2lkIjoiUGJ5c19CbGF6b3JTZXJ2ZXJUaWVyZWRfTG9jYWwiLCJvaV90a25faWQiOiIwOTBmZGJkZC1jYzJlLWFmMWQtOWE5My0zYTBkYjEzYWNmMjQiLCJhdWQiOiJQYnlzIiwic2NvcGUiOiJvcGVuaWQgcHJvZmlsZSByb2xlcyBlbWFpbCBwaG9uZSBQYnlzIiwianRpIjoiNDA1OWUzZWEtMGVjMS00ZWMzLThhMjItMzA3NWJmYzYzNTMwIiwiZXhwIjoxNjk0ODg5MjA3LCJpYXQiOjE2OTQ4ODU2MDd9.uvw9izA8gfQ3lv2Nn3qxRyX3EHqHlg2_0hZ7fETztMWuVfd3-XrIv_nIA_jCuXmB4L3lUsONSYInDbSXGCWrfx-m03lwGmWyIJJIJHhrs8OSyK0k7OjoZxeHtCd1amA5g5TgotP_qtsR_W1Y3DvKRxTGMK7RCwnncSAMLyFEXgZIhxTXykW7936Zgkz2ADcRhhvIQgYcUROC0wcsmY2OxnBYq0BAQvoI1lzwI3rW8AHsuDDTzoBjlKCwyE7GBxotgF8sYvxNlGdKdFc3jC5kYQuIEFD0oqB1sX7fmGQ3aDHDcp02PMxqI3QciZZrxzqfXg0iY0YNfFcUncGyzML2qg

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi,

    is project b deployed app and project a is running on local? If you are not using Project B authserver you shouldn't have two different tokens.

  • User Avatar
    0
    yunusemrecaglar created

    Project B is a monolithic project. It is entirely different from project A, but they share a common auth server and both obtain their permissions from the same auth server. How can I singularize the token? In the OAuth 2.0 tables, there are rows for both project A and project B. Should I merge these rows?

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    i guess OAuth 2.0 tables means clients right. you can have multiple clients make sure that Project A has that project b client registered.

    Is this something I can reproduce by creating two blazor server application. can you please provide steps to reproduce with your scenario, I will try at my end.

  • User Avatar
    0
    yunusemrecaglar created

    I'll explain the entire structure then. I created project A as a monolith, with the backend part running on localhost:44589. The auth server is on localhost:44879. Project B is also a monolith, with the frontend on localhost:44223 and the backend on localhost:44558. In project B, I've set the 'AuthServer:Authority' to the IP of project A's auth server (localhost:44879), and this part is working. The issue arises when I try to access an endpoint at localhost:44589 from localhost:44223, resulting in a 401 error. I'm using project B's token as the token. I want to obtain project A's token on project B's frontend so that I can make requests to the endpoint at localhost:44589.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    i have create two project Projecta and Projectb

    now my project b can access projectb's api with project a accesstoken

    Project A configuration changes DbMigrator appsetting.json (please run migrator after this)

    in project A OpenIddictDataSeedContributor.cs

    
        var commonScopesProjectb = new List<string> {
            OpenIddictConstants.Permissions.Scopes.Address,
            OpenIddictConstants.Permissions.Scopes.Email,
            OpenIddictConstants.Permissions.Scopes.Phone,
            OpenIddictConstants.Permissions.Scopes.Profile,
            OpenIddictConstants.Permissions.Scopes.Roles,
            "Projectb"
        };
            // Blazor Server Project B Tiered Client
            var blazorServerProjectBTieredClientId = configurationSection["Projectb_BlazorServerTiered:ClientId"];
            if (!blazorServerProjectBTieredClientId.IsNullOrWhiteSpace())
            {
                var blazorServerTieredRootUrl = configurationSection["Projectb_BlazorServerTiered:RootUrl"].EnsureEndsWith('/');
    
                await CreateApplicationAsync(
                    name: blazorServerProjectBTieredClientId!,
                    type: OpenIddictConstants.ClientTypes.Confidential,
                    consentType: OpenIddictConstants.ConsentTypes.Implicit,
                    displayName: "Blazor Server Application",
                    secret: configurationSection["Projectb_BlazorServerTiered:ClientSecret"] ?? "1q2w3e*",
                    grantTypes: new List<string> //Hybrid flow
                    {
                        OpenIddictConstants.GrantTypes.AuthorizationCode, OpenIddictConstants.GrantTypes.Implicit
                    },
                    scopes: commonScopesProjectb,
                    redirectUri: $"{blazorServerTieredRootUrl}signin-oidc",
                    postLogoutRedirectUri: $"{blazorServerTieredRootUrl}signout-callback-oidc",
                    clientUri: blazorServerTieredRootUrl,
                    logoUri: "/images/clients/blazor.svg"
                );
            }
    
            // Swagger ProjectB Client
            var swaggerProjectBClientId = configurationSection["Projectb_Swagger:ClientId"];
            if (!swaggerProjectBClientId.IsNullOrWhiteSpace())
            {
                var swaggerRootUrl = configurationSection["Projectb_Swagger:RootUrl"]?.TrimEnd('/');
    
                await CreateApplicationAsync(
                    name: swaggerProjectBClientId!,
                    type: OpenIddictConstants.ClientTypes.Public,
                    consentType: OpenIddictConstants.ConsentTypes.Implicit,
                    displayName: "Swagger Application",
                    secret: null,
                    grantTypes: new List<string> { OpenIddictConstants.GrantTypes.AuthorizationCode, },
                    scopes: commonScopesProjectb,
                    redirectUri: $"{swaggerRootUrl}/swagger/oauth2-redirect.html",
                    clientUri: swaggerRootUrl,
                    logoUri: "/images/clients/swagger.svg"
                );
            }
    

    Please run dbmigrator after these changes and confirm in DB following

    in database please check if you have these scopes

    Project B Configuration I hope everywhere the authority in appsetting.json of project b is of Project A Auth Server URL

  • User Avatar
    0
    yunusemrecaglar created

    Indeed, when I do it this way, it acquires the token. I log in from Project B's Blazor application using Project A's auth server. However, when I call the endpoint in Project A's backend from Project B's Blazor application, it returns a 401 error.

  • User Avatar
    1
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    Can you try requesting projecta scrope from projectb blazor app?

  • User Avatar
    0
    yunusemrecaglar created

    How can I request it? I need Project A's token. How can I obtain the token created for Project A? I need to obtain Project A's token within Project B's application.

  • User Avatar
    0
    Anjali_Musmade created
    Support Team Support Team Member

    Hi

    To access projecta resource you need to request for project a scopes from project b blazor server module add below scopes options.Scope.Add("Projecta"); in blazorb module

    in projecta OpenIddictDataSeedContributor

    i was able to access projecta api with projectb accesstoken

  • User Avatar
    0
    yunusemrecaglar created

    It worked, thank you!

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38