Open Closed

AUTH: Uknown Client after update to 8.2 #7502


User avatar
0
brekelmans.ian@gmail.com created
  • ABP Framework version: v8.2.0
  • UI Type: Angular
  • Database System: EF Core (SQL Server,)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:

UPDATE: even after complete new database, unable to login. I do get LoginSucceeded in [AbpSecurityLogs]. But then redirects login page and clears form.

UPDATE2: Also swagger client has same issue .. after authorize in swagger: Unknown client or not enabled: RitReis_Swagger

UPDATE3: See lookup for session but then logout as session is not found, i also do not see any sessions in the database table AbpSessions.

UPDATE3 LOG [19:58:27 DBG] Get dynamic claims cache for user: 4e8ab7bf-2d69-c4c3-a2b7-3a13ba4a27b3 [19:58:27 DBG] Filling dynamic claims cache for user: 4e8ab7bf-2d69-c4c3-a2b7-3a13ba4a27b3 [19:58:27 DBG] Get session from IdentitySessionManager for 81143ab4-8215-4fab-b2a6-68997a7e0379 [19:58:27 WRN] Could not find a session with ID: 81143ab4-8215-4fab-b2a6-68997a7e0379 [19:58:27 WRN] SessionId(81143ab4-8215-4fab-b2a6-68997a7e0379) not found for user: 4e8ab7bf-2d69-c4c3-a2b7-3a13ba4a27b3, log out. [19:58:27 DBG] Remove dynamic claims cache for user: 4e8ab7bf-2d69-c4c3-a2b7-3a13ba4a27b3 [19:58:27 INF] AuthenticationScheme: Identity.Application signed out. [19:58:27 INF] Executing endpoint 'Volo.Abp.OpenIddict.Controllers.AuthorizeController.HandleAsync (Volo.Abp.OpenIddict.AspNetCore)' [19:58:27 INF] Route matched with {action = "Handle", controller = "Authorize", area = "", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] HandleAsync() on controller Volo.Abp.OpenIddict.Controllers.AuthorizeController (Volo.Abp.OpenIddict.AspNetCore). [19:58:27 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [19:58:27 DBG] Get dynamic claims cache for user: 4e8ab7bf-2d69-c4c3-a2b7-3a13ba4a27b3 [19:58:27 DBG] Filling dynamic claims cache for user: 4e8ab7bf-2d69-c4c3-a2b7-3a13ba4a27b3 [19:58:27 DBG] Get session from IdentitySessionManager for 81143ab4-8215-4fab-b2a6-68997a7e0379 [19:58:27 WRN] Could not find a session with ID: 81143ab4-8215-4fab-b2a6-68997a7e0379 [19:58:27 WRN] SessionId(81143ab4-8215-4fab-b2a6-68997a7e0379) not found for user: 4e8ab7bf-2d69-c4c3-a2b7-3a13ba4a27b3, log out. [19:58:27 DBG] Remove dynamic claims cache for user: 4e8ab7bf-2d69-c4c3-a2b7-3a13ba4a27b3 [19:58:27 INF] Executing ChallengeResult with authentication schemes (["Identity.Application"]). [19:58:27 INF] AuthenticationScheme: Identity.Application was challenged. UPDATE3 LOG

[17:47:14 DBG] Login Url: /Account/Login [17:47:14 DBG] Login Return Url Parameter: ReturnUrl [17:47:14 DBG] Logout Url: /Account/Logout [17:47:14 DBG] ConsentUrl Url: /Consent [17:47:14 DBG] Consent Return Url Parameter: returnUrl [17:47:14 DBG] Error Url: /Account/Error [17:47:14 DBG] Error Id Parameter: errorId [17:47:14 DBG] Start authorize request protocol validation [17:47:14 ERR] Unknown client or not enabled: RitReis_App

  • Steps to reproduce the issue:

  • Update from 8.1.3 to 8.2.0

  • Run migrate

  • I removed the applications from the [OpenIddictApplications] table & removed the admin user. On migrate they are recreated.

see below log for one login request ... after request finished it just reverts back to same login screen ...

[17:52:24 INF] Now listening on: https://localhost:44362 [17:52:24 INF] Application started. Press Ctrl+C to shut down. [17:52:24 INF] Hosting environment: Development [17:52:24 INF] Content root path: C:\batcave\RitReis\aspnet-core\src\RitReis.AuthServer [17:52:24 INF] Completed to save external localizations. [17:53:07 INF] Request starting HTTP/2 POST https://localhost:44362/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fresponse_type%3Dcode%26client_id%3DRitReis_App etc... [17:53:07 DBG] Login Url: /Account/Login [17:53:07 DBG] Login Return Url Parameter: ReturnUrl [17:53:07 DBG] Logout Url: /Account/Logout [17:53:07 DBG] ConsentUrl Url: /Consent [17:53:07 DBG] Consent Return Url Parameter: returnUrl [17:53:07 DBG] Error Url: /Account/Error [17:53:07 DBG] Error Id Parameter: errorId [17:53:07 DBG] Start authorize request protocol validation [17:53:07 ERR] Unknown client or not enabled: RitReis_App {"ClientId": null, "ClientName": null, "RedirectUri": null, "AllowedRedirectUris": null, "SubjectId": "anonymous", "ResponseType": null, "ResponseMode": null, "GrantType": null, "RequestedScopes": "", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": "", "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "client_id": "RitReis_App", "state": "xxx", "redirect_uri": "http://localhost:4200", "scope": "openid offline_access RitReis", "code_challenge": "xxx", "code_challenge_method": "S256", "nonce": "xxx", "culture": "en", "ui-culture": "en"}, "$type": "AuthorizeRequestValidationLog"} [17:53:07 INF] CORS policy execution successful. [17:53:07 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessRequestContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ResolveRequestUri. [17:53:07 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ResolveRequestUri. [17:53:07 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+InferEndpointType. [17:53:07 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType. [17:53:07 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateTransportSecurityRequirement. [17:53:07 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateHostHeader. [17:53:07 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ValidateHostHeader. [17:53:07 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+EvaluateValidatedTokens. [17:53:07 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromAuthorizationHeader. [17:53:07 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromBodyForm. [17:53:07 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.AspNetCore.OpenIddictValidationAspNetCoreHandlers+ExtractAccessTokenFromQueryString. [17:53:07 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens. [17:53:07 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens. [17:53:07 DBG] AuthenticationScheme: OpenIddict.Validation.AspNetCore was not authenticated. [17:53:07 INF] Executing endpoint '/Account/Login' [17:53:07 INF] Route matched with {page = "/Account/Login", area = "", action = "", controller = ""}. Executing page /Account/Login [17:53:07 INF] Skipping the execution of current filter as its not the most effective filter implementing the policy Microsoft.AspNetCore.Mvc.ViewFeatures.IAntiforgeryPolicy [17:53:07 INF] Executing handler method Volo.Abp.Account.Public.Web.Pages.Account.LoginModel.OnPostAsync - ModelState is Valid [17:53:07 DBG] Start authorize request protocol validation [17:53:07 ERR] Unknown client or not enabled: RitReis_App

then later during same call

[17:53:08 INF] The authorization request was successfully extracted: { "response_type": "code", "client_id": "RitReis_App", "state": "xxx", "redirect_uri": "http://localhost:4200", "scope": "openid offline_access RitReis", "code_challenge": "xxx", "code_challenge_method": "S256", "nonce": "xxx, "culture": "en", "ui-culture": "en" }.

[17:53:08 INF] The authorization request was successfully validated.

[17:53:08 DBG] The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+ValidateRequiredTokens. [17:53:08 DBG] AuthenticationScheme: OpenIddict.Validation.AspNetCore was not authenticated.

also have this error .. but had that one already i believe ..

[17:53:09 INF] Executed action Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc) in 97.4216ms [17:53:09 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ProxyScripting.AbpServiceProxyScriptController.GetAll (Volo.Abp.AspNetCore.Mvc)' [17:53:09 INF] Request finished HTTP/2 GET https://localhost:44362/Abp/ServiceProxyScript - 200 162 application/javascript 123.3384ms [17:53:09 ERR] The input data is not a complete block. System.Security.Cryptography.CryptographicException: The input data is not a complete block. at System.Security.Cryptography.UniversalCryptoDecryptor.UncheckedTransformFinalBlock(ReadOnlySpan1 inputBuffer, Span1 outputBuffer) at System.Security.Cryptography.UniversalCryptoDecryptor.UncheckedTransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.UniversalCryptoTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.ReadAsyncCore(Memory`1 buffer, CancellationToken cancellationToken, Boolean useAsync) at System.Security.Cryptography.CryptoStream.Read(Byte[] buffer, Int32 offset, Int32 count) at Volo.Abp.Security.Encryption.StringEncryptionService.Decrypt(String cipherText, String passPhrase, Byte[] salt) at Volo.Abp.Settings.SettingEncryptionService.Decrypt(SettingDefinition settingDefinition, String encryptedValue) [17:53:09 INF] Executing ContentResult with HTTP Response ContentType of application/javascript

and then finally ..

[17:53:09 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [17:53:09 INF] Executed action Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 161.4176ms [17:53:09 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.Localization.AbpApplicationLocalizationScriptController.GetAsync (Volo.Abp.AspNetCore.Mvc)' [17:53:09 INF] Request finished HTTP/2 GET https://localhost:44362/Abp/ApplicationLocalizationScript?cultureName=en - 200 227749 application/javascript 186.8775ms [17:53:09 DBG] Executed AbpApplicationConfigurationAppService.GetAsync(). [17:53:09 INF] Executing ContentResult with HTTP Response ContentType of application/javascript [17:53:09 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc) in 215.7106ms [17:53:09 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationScriptController.Get (Volo.Abp.AspNetCore.Mvc)' [17:53:09 INF] Request finished HTTP/2 GET https://localhost:44362/Abp/ApplicationConfigurationScript - 200 8206 application/javascript 237.6711ms


3 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    1. [ERR] Unknown client or not enabled: RitReis_App

    Can you confirm the [OpenIddictApplications] table has the RitReis_App? You can clear the Redis as well.

    1. [ERR] The input data is not a complete block. System.Security.Cryptography.CryptographicException: The input data is not a complete block.

    There seems to be a problem with the encrypted value of your settings. Please share the full error stack.

  • User Avatar
    0
    brekelmans.ian@gmail.com created

    Hi,

    Yes, created a new DB, then a migrate, the 4 applications are there, flushed Redis:

    • RitReis_App
    • RitReis_Mobile
    • RitReis_Web_Public_Tiered
    • RitReis_Swagger.

    The full login result log is too long, can you send me your email and I can send it to you? Hope we can solve it quickly as I should have demo end of day and release in two weeks, development is halted currently as I am unable to pass login.

    Thank you.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    liming.ma@volosoft.com

    You can share logs via https://wetransfer.com/

Made with ❤️ on ABP v9.0.0-preview. Updated on October 07, 2024, 08:52