- ABP Framework version: v8.2.2
- UI Type: Angular
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): yes/no
- Exception message and full stack trace:
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
[09:35:56 DBG] Start authorize request
[09:35:56 DBG] No user present in authorize request
[09:35:56 DBG] Start authorize request protocol validation
[09:35:56 ERR] Unknown client or not enabled: PartnerPortal_App
{"ClientId": null, "ClientName": null, "RedirectUri": null, "AllowedRedirectUris": null, "SubjectId": "anonymous", "ResponseType": null, "ResponseMode": null, "GrantType": null, "RequestedScopes": "", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": "", "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "client_id": "PartnerPortal_App", "state": "dS5jYy0xNGZBenBVNk9RZkZaLURqa35ubVkzMXVlSVdlX2FnSXRJdXFoNWlh", "redirect_uri": "http://localhost:4200", "scope": "offline_access openid profile role email phone PartnerPortal", "code_challenge": "9UgsS7QtePtvo10d2NkPR2yEsuJLVMdMfYrFmj5JvV8", "code_challenge_method": "S256", "nonce": "dS5jYy0xNGZBenBVNk9RZkZaLURqa35ubVkzMXVlSVdlX2FnSXRJdXFoNWlh", "culture": "en", "ui-culture": "en", "selectedTenantId": "7a50f0a8-38e8-0807-55b4-3a040dbaffd1"}, "$type": "AuthorizeRequestValidationLog"}
[09:35:56 ERR] Request validation failed
[09:35:56 INF] {"ClientId": null, "ClientName": null, "RedirectUri": null, "AllowedRedirectUris": null, "SubjectId": "anonymous", "ResponseType": null, "ResponseMode": null, "GrantType": null, "RequestedScopes": "", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": "", "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "client_id": "PartnerPortal_App", "state": "dS5jYy0xNGZBenBVNk9RZkZaLURqa35ubVkzMXVlSVdlX2FnSXRJdXFoNWlh", "redirect_uri": "http://localhost:4200", "scope": "offline_access openid profile role email phone PartnerPortal", "code_challenge": "9UgsS7QtePtvo10d2NkPR2yEsuJLVMdMfYrFmj5JvV8", "code_challenge_method": "S256", "nonce": "dS5jYy0xNGZBenBVNk9RZkZaLURqa35ubVkzMXVlSVdlX2FnSXRJdXFoNWlh", "culture": "en", "ui-culture": "en", "selectedTenantId": "7a50f0a8-38e8-0807-55b4-3a040dbaffd1"}, "$type": "AuthorizeRequestValidationLog"}
[09:35:56 INF] {"ClientId": "PartnerPortal_App", "ClientName": null, "RedirectUri": null, "Endpoint": "Authorize", "SubjectId": null, "Scopes": "", "GrantType": null, "Error": "unauthorized_client", "ErrorDescription": "Unknown client or client not enabled", "Category": "Token", "Name": "Token Issued Failure", "EventType": "Failure", "Id": 2001, "Message": null, "ActivityId": "0HN6IVL4KETP2:00000001", "TimeStamp": "2024-09-12T07:35:56.0000000Z", "ProcessId": 13528, "LocalIpAddress": "::1:44385", "RemoteIpAddress": "::1", "$type": "TokenIssuedFailureEvent"}
[09:35:56 INF] The response could not be cached for this request.
[09:35:56 INF] Request finished HTTP/2 GET https://localhost:44385/connect/authorize?response_type=code&client_id=PartnerPortal_App&state=dS5jYy0xNGZBenBVNk9RZkZaLURqa35ubVkzMXVlSVdlX2FnSXRJdXFoNWlh&redirect_uri=http%3A%2F%2Flocalhost%3A4200&scope=offline_access%20openid%20profile%20role%20email%20phone%20PartnerPortal&code_challenge=9UgsS7QtePtvo10d2NkPR2yEsuJLVMdMfYrFmj5JvV8&code_challenge_method=S256&nonce=dS5jYy0xNGZBenBVNk9RZkZaLURqa35ubVkzMXVlSVdlX2FnSXRJdXFoNWlh&culture=en&ui-culture=en&selectedTenantId=7a50f0a8-38e8-0807-55b4-3a040dbaffd1 - 302 0 null 168.9828ms
[09:35:56 INF] Request starting HTTP/2 GET https://localhost:44385/Account/Error?errorId=CfDJ8IfPL4gEj_lBlyYCXb43SqCQlGHbLin3iWrDERZZZMPJXGXDBNB-bwtAJHEUnE242e8WY60fcVCIASDxpBEYeN0k13jJ1H9mNSImPVBZPxGi7pxqhtvS3hp8vg7b4gaNmgpnFDaHA1ooJcMlLiGutarupbmMy109a971491ckIYvI5X9rVQoizC3tdkyK133SyrHal7oPArA8y-dwRcUEinnzXAtK_C0_nxjb2c5qRprPOIsm_JDk8v-Asl9_5KT_CTyQ4Y54LqtBE_m6gFkd-z2rjqg6L9As9rfnk-i9y9vNnRDNXwn9eHonuzxcsGxjIbLad4kczs1k1fjqjQbHZ_Fb1OW8f3jCnu-hDw4wsH4oJpVGXP2Er0ULCyUq1PXcA - null null
[09:35:56 INF] No cached response available for this request.
[09:35:56 INF] Executing endpoint 'Volo.Abp.Account.Web.Areas.Account.Controllers.ErrorController.Index (Volo.Abp.Account.Pro.Public.Web.IdentityServer)'
[09:35:56 INF] Route matched with {area = "account", action = "Index", controller = "Error", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Microsoft.AspNetCore.Mvc.IActionResult] Index(System.String) on controller Volo.Abp.Account.Web.Areas.Account.Controllers.ErrorController (Volo.Abp.Account.Pro.Public.Web.IdentityServer).
[09:35:56 INF] Executing action method Volo.Abp.Account.Web.Areas.Account.Controllers.ErrorController.Index (Volo.Abp.Account.Pro.Public.Web.IdentityServer) - Validation state: Valid
[09:35:56 INF] Executed action method Volo.Abp.Account.Web.Areas.Account.Controllers.ErrorController.Index (Volo.Abp.Account.Pro.Public.Web.IdentityServer), returned result Microsoft.AspNetCore.Mvc.ViewResult in 5.1196ms.
[09:35:56 INF] Executing ViewResult, running view ~/Views/Error/500.cshtml.
- Steps to reproduce the issue:
Start host, start angular, go to localhost:4200/loginmethod, select tenant, click sign in.
10 Answer(s)
-
0
hi
Your app is still using the `IdentityServer`.
Please make sure you depend on the correct modules.
https://abp.io/docs/latest/release-info/migration-guides/openiddict-step-by-step?_redirected=B8ABF606AA1BDF5C629883DF1061649A
```
Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize
[09:35:56 DBG] Start authorize request
Executed action method Volo.Abp.Account.Web.Areas.Account.Controllers.ErrorController.Index (Volo.Abp.Account.Pro.Public.Web.IdentityServer)
```
-
0
I have followed the commercial openiddict step by step migration guide (moving from IdentityServer to OpenIddict), as well as the angular part (which was just adding a trailing slash and an additional scope in the environment.ts file if I'm not mistaken). I did use the 8.2.2 versions of the packages.
I now receive this error in the browser after logging in.
error:invalid_scope error_description:The specified 'scope' is invalid. error_uri:https://documentation.openiddict.com/errors/ID2052
HttpApi.Host logs:
[15:41:20 INF] The request URI matched a server endpoint: Authorization. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+InferEndpointType. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by Volo.Abp.Account.Web.Pages.Account.OpenIddictImpersonateInferEndpointType. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ValidateHostHeader. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ExtractAuthorizationRequestContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ExtractGetOrPostRequest`1[[OpenIddict.Server.OpenIddictServerEvents+ExtractAuthorizationRequestContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]]. [15:41:20 INF] The authorization request was successfully extracted: { "response_type": "code", "client_id": "PartnerPortal_App", "state": "fn5JeHpuN1Q4c2tLVWt2Yn51UnZTcGRvZEJzZWJCekpVZkI1Z0E1dE5XYUlW", "redirect_uri": "http://localhost:4200", "scope": "offline_access openid profile role email phone PartnerPortal", "code_challenge": "CfsYjxje98KAV6DELm4BsKByagBqTSzjrJnIpXAEBJQ", "code_challenge_method": "S256", "nonce": "fn5JeHpuN1Q4c2tLVWt2Yn51UnZTcGRvZEJzZWJCekpVZkI1Z0E1dE5XYUlW", "culture": "en", "ui-culture": "en", "selectedTenantId": "7a50f0a8-38e8-0807-55b4-3a040dbaffd1" }. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ExtractAuthorizationRequest. 
[15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateRequestParameter. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateRequestUriParameter. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateClientIdParameter. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateRedirectUriParameter. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateResponseTypeParameter. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateResponseModeParameter. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateScopeParameter. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateNonceParameter. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidatePromptParameter. 
[15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateProofKeyForCodeExchangeParameters. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ValidateAuthenticationDemand. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+EvaluateValidatedTokens. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ResolveValidatedTokens. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ValidateRequiredTokens. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ValidateClientId. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ValidateClientType. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ValidateIdentityToken. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ResolveHostAuthenticationProperties. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+ReformatValidatedTokens. 
[15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateAuthentication. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateResponseType. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateClientRedirectUri. [15:41:20 INF] The authentication request was rejected because invalid scopes were specified: ["role"]. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateScopes. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ValidateAuthorizationRequestContext was marked as rejected by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateScopes. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateAuthorizationRequest. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessRequestContext was marked as rejected by OpenIddict.Server.OpenIddictServerHandlers+Authentication+ValidateAuthorizationRequest. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachErrorParameters. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+AttachCustomErrorParameters. 
[15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+AttachRedirectUri. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+InferResponseMode. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+AttachResponseState. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Authentication+AttachIssuer. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]]. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]]. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+Authentication+ProcessFormPostResponse. 
[15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+Authentication+ProcessQueryResponse. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+Authentication+ProcessFragmentResponse. [15:41:20 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ProcessStatusCodePagesErrorResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]]. [15:41:20 INF] The response was successfully returned as a plain-text document: { "error": "invalid_scope", "error_description": "The specified 'scope' is invalid.", "error_uri": "https://documentation.openiddict.com/errors/ID2052" }.
environment ts file:
```typescript
oAuthConfig: {
  issuer: 'https://localhost:44385/',
  redirectUri: baseUrl,
  clientId: 'PartnerPortal_App',
  responseType: 'code',
  scope: 'offline_access openid profile role email phone PartnerPortal',
  requireHttps: true
},
```
-
0
Thanks maliming for pointing me back in the right direction.
I am currently continuing to debug my migrated project.
We have a landing page where we select a tenant, and then we redirect to the localhost:44385/Account/Login page.
Even though there is a "selectedTenant" query parameter, the tenant is not selected.
https://localhost:44385/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fresponse_type%3Dcode%26client_id%3DPartnerPortal_App%26state%3DTEhmVEhYSG9sWjItV3VrRGd4b0M5dHRwOHBTdGYwRlFvWXZPRlJtNnNPZFFC%26redirect_uri%3Dhttp%253A%252F%252Flocalhost%253A4200%26scope%3Doffline_access%2520openid%2520profile%2520email%2520phone%2520PartnerPortal%26code_challenge%3D41hJzeacuRZcj0DOHNxFG_HW4pzZqQbpTfXL4ntrq3k%26code_challenge_method%3DS256%26nonce%3DTEhmVEhYSG9sWjItV3VrRGd4b0M5dHRwOHBTdGYwRlFvWXZPRlJtNnNPZFFC%26culture%3Den%26ui-culture%3Den%26selectedTenantId%3D7a50f0a8-38e8-0807-55b4-3a040dbaffd1
-
0
hi
The authentication request was rejected because invalid scopes were specified: ["role"].
The `scope` for the role is `roles`.
```typescript
scope: 'offline_access openid profile roles email phone PartnerPortal',
```
-
0
hi
Even though there is a "selectedTenant" query parameter, the tenant is not selected.
You can add a new tenant resolver to get the tenant from `ReturnUrl`.
https://abp.io/docs/latest/framework/architecture/multi-tenancy?_redirected=B8ABF606AA1BDF5C629883DF1061649A#default-tenant-resolvers
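One way to write the resolver suggested above, as an added example that is not part of the original answer and is not ABP's own code. The class name `ReturnUrlTenantResolveContributor` is hypothetical; the `selectedTenantId` key and the `/connect/authorize` path are taken from the URLs posted in this thread.

```csharp
#nullable enable
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.WebUtilities;
using Volo.Abp.AspNetCore.MultiTenancy;
using Volo.Abp.MultiTenancy;

// Hypothetical contributor: resolves the tenant from the "selectedTenantId"
// parameter nested inside the login page's ReturnUrl, e.g.
//   /Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3F...%26selectedTenantId%3D<guid>
// A resolver that reads only the outer query string never sees that parameter,
// because it is still percent-encoded inside the ReturnUrl value.
public class ReturnUrlTenantResolveContributor : HttpTenantResolveContributorBase
{
    public const string ContributorName = "ReturnUrl";
    private const string TenantParameter = "selectedTenantId"; // key used in this thread
    private const string AuthorizePath = "/connect/authorize";

    public override string Name => ContributorName;

    protected override Task<string?> GetTenantIdOrNameFromHttpContextOrNullAsync(
        ITenantResolveContext context, HttpContext httpContext)
    {
        // Request.Query decodes the outer layer once, so this is the inner URL.
        var returnUrl = httpContext.Request.Query["ReturnUrl"].ToString();

        // ReturnUrl is caller-controlled: accept only the local authorize endpoint.
        if (!returnUrl.StartsWith(AuthorizePath + "?", StringComparison.OrdinalIgnoreCase))
        {
            return Task.FromResult<string?>(null);
        }

        // ParseQuery accepts the leading '?' and decodes the inner layer.
        var innerQuery = QueryHelpers.ParseQuery(returnUrl.Substring(AuthorizePath.Length));

        // Accept only a single well-formed GUID and return it in canonical form;
        // anything else (free text, duplicated parameters) is ignored.
        if (innerQuery.TryGetValue(TenantParameter, out var values) &&
            Guid.TryParse(values.ToString(), out var tenantId))
        {
            return Task.FromResult<string?>(tenantId.ToString());
        }

        return Task.FromResult<string?>(null);
    }
}

// Registration, inside the host module's ConfigureServices. Contributors run in
// list order and the first one that yields a tenant wins, so the position in the
// list decides whether this value takes precedence over, for example, a cookie.
//
// Configure<AbpTenantResolveOptions>(options =>
// {
//     options.TenantResolvers.Add(new ReturnUrlTenantResolveContributor());
// });
```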
-
0
The documentation you provided states that the QueryStringTenantResolveContributor is provided and configured by default.
I have included the login page url earlier, but the selectedTenantId query parameter is url encoded in the "returnUrl" query parameter for the login page.
Is there some authentication flow step I am missing where the tenant could be set on that login page? I would expect the selectedTenantId to be transitive.
-
0
hi
`ActivationEndDate` should have a value and be >= `Clock.Now`.
```csharp
public enum TenantActivationState : byte
{
    Active = 0,
    ActiveWithLimitedTime = 1,
    Passive = 2
}

public virtual Task<bool> IsActiveAsync(Tenant tenant)
{
    return Task.FromResult(tenant.ActivationState switch
    {
        TenantActivationState.Active => true,
        TenantActivationState.Passive => false,
        // A time-limited tenant stays active only until ActivationEndDate.
        TenantActivationState.ActiveWithLimitedTime => tenant.ActivationEndDate >= Clock.Now,
        _ => false
    });
}
```
-
0
I updated the TenantActivationState to Active, yet I still receive the same error.
-
0
Clear the Redis.