Migrating data from IdentityServer to OpenIddic #7483 | ABP Support | ABP.IO | ABP Support

nhontran created 2 months ago

ABP Framework version: v5.2.2
UI Type: Angular
Database System: EF Core (SQL Server)
Tiered (for MVC) or Auth Server Separated (for Angular): yes

We are migrating our auth server from IdentityServer to OpenIdDict. While we have reviewed the migration guide, we have not found any documentation on how to migrate the data from IdentityServer tables to OpenIdDict tables. Could you provide guidance on this process?

7 Answer(s)

0

maliming created 2 months ago
Support Team Fullstack Developer

hi

You can refer to OpenIddictDataSeedContributor class.

https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs

https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.DbMigrator/appsettings.json#L10-L48

How many clients do you have?
0

nhontran created 2 months ago

Hi @maliming, I have checked the OpenIddictDataSeedContributor, but there are some features that available in IdentityServer but missing in OpenIdDict.

With IdentityServer, we can create the Api Resources and Identity Resource using the following screens:

<br> And then we can configure the Api Resource & Identity Resources for a Client:

How can we achieve these features with OpenIdDict?
0

maliming created 2 months ago
Support Team Fullstack Developer

hi

There are only Scope and Application that you need to pay attention to in OpenIddict.

https://github.com/abpframework/abp/blob/dev/templates/app/aspnet-core/src/MyCompanyName.MyProjectName.Domain/OpenIddict/OpenIddictDataSeedContributor.cs#L55-L56

For claims management, you can check https://docs.abp.io/en/abp/latest/Modules/OpenIddict#updating-claims-in-access_token-and-id_token

Add your claim types to id/access token from AbpOpenIddictClaimsPrincipalHandlerContext's Principal.

What are grantTypes of your client?
0

nhontran created 2 months ago

Hi @maliming, does it mean there is no UI to configure it and we need to manage the claims in code?

we are using "client_credentials" & "authorization_code" grant types.
0

maliming created 2 months ago
Support Team Fullstack Developer

Yes, there is no UI to configure the claims. You have to change it by code.

You can add an IAbpOpenIddictClaimsPrincipalHandler to see if your oauth2 request works.

If you get an error, please share the logs. I will check it.

Thanks.
0

nhontran created 2 months ago

ok, I will try and update the result here.

This seems like a drawback for us. Is there any plan to make this configurable through the UI?
0

maliming created 2 months ago
Support Team Fullstack Developer

hi

I will investigate this. Thank you

The design of Openiddict and identity server are different, so this may not be possible.

Have an answer to this question? Log in and write your answer.