Open Closed

How to generate access token in backend only with user email? #6747


User avatar
0
dfzamora created

I would like to get some help from you since I've being searching all around and I can not find the solution for my question,

My use case is the next one:

I have an application developed in ABP 6 and using Angular UI, in the login I have a button which allows me to redirect to a SAML identity provider which is returning a code, I redirect the SAML application to a route in my Angular app and I read the incoming parameters to call a backend endpoint and get the email of the user that succeeded the SAML login process,

So now, I need to get this email, search if this exists in my users table and then generate an access token for that user, as you can see I am not able to use the user password, and I need to generate the token based on the user since in the whole application I am using some claims that are included in the token that is generated with the default password flow

I've being following the tutorial recommended for the community Implementing passwordless authentication with asp.net core, but this is specific for MVC application.

I found the method GenerateUserTokenAsync but it returns a token as string with 5 numbers, and as far as I understand the result of the request to connect/token is aJSON with the access_token, refresh_token and some other keys

Does someone have an idea or solution for this? Thanks!

  • ABP Framework version: 6.0
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Auth Server Separated (for Angular): yes

8 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    What the AuthServer are you using now?

    Identity Server or OpenIddict

  • User Avatar
    0
    dfzamora created

    Hello, I am using OpenIddict as Auth Server

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    https://support.abp.io/QA/Questions/6625/Create-user-access-token-JWT-Bearer-manually-on-openId--abp-8 https://community.abp.io/posts/how-to-add-a-custom-grant-type-in-openiddict.-6v0df94z

  • User Avatar
    0
    dfzamora created

    I have followed the example you posted, even though I have an error and it seems like I am not getting the right values from IOptionsMonitor<OpenIddictServerOptions>

    I am not sure if this error is because of a missing configuration on my side.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Are you calling your app service method from the authserver website?

    Because this options set by auth server website

  • User Avatar
    0
    dfzamora created

    hi

    Are you calling your app service method from the authserver website?

    Because this options set by auth server website

    Hello, I moved the code to the right project, now I am able to generate the token, however when I try to use that token in my API calls the response is Unauthorized, am I missing something else?

  • User Avatar
    0
    dfzamora created

    Hello I was able to generate the token, I had to include the expire date, not a null value, thanks for the support, however the issue is now on angular side,

    When I try to validate the token with OAuthService.hasValidAccessToken() it returns false, as far as I can see AuthGuard of abp is using that method internally, for that reason the routes are not active and I am not able to login even with the token

    I am not sure about the real issue since I have tested the token in ThunderClient and the API responds correctly to it.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    This is the source code of OAuthService.hasValidAccessToken()

    https://github.com/manfredsteyer/angular-oauth2-oidc/blob/0211482b52df1f553c278acc812d86f39b04c97e/projects/lib/src/oauth-service.ts#L2420-L2436

    You can override the AuthGuard to custom the logic.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 12, 2024, 07:15