- ABP Framework version: v8.3.0
- UI Type: Blazor Server
- Database System: EF Core (SQL Server)
- Tiered (for MVC) or Auth Server Separated (for Angular): Yes
- Exception message and full stack trace:
OpenIdConnectProtocolException: Message contains error: 'invalid_grant', error_description: 'SessionExpired', error_uri: 'error_uri is null'. Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.RedeemAuthorizationCodeAsync(OpenIdConnectMessage tokenEndpointRequest)
AuthenticationFailureException: An error was encountered while handling the remote login. Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler<TOptions>.HandleRequestAsync()
- Steps to reproduce the issue:
Hi, I upgraded my project to the last ABP framework (v8.3.0).
There was a compilation error, for which I needed to add the following to my DbContext: public DbSet<IdentitySession> Sessions { get; set; }
I then attempted to run the solution again and got the following after logging in:
Debug log below:
[22:53:04 INF] Request finished HTTP/2 POST https://localhost:44382/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DPekkishPOS_BlazorServerTiered%26redirect_uri%3Dhttps%253A%252F%252Flocalhost%253A44370%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520PekkishPOS%26response_mode%3Dform_post%26nonce%3D638625486411992936.Yzc2NWViY2EtOWNkOS00NWJhLTkwYWUtNzU3NDQ5MjBlZTViNzhhM2Y4N2MtNzE3MS00NjMxLTkwYTUtZDllNDhkYzcxMTdj%26state%3DCfDJ8BAQRgbFZOhKvnVuRTbVeaRCJBwfd-tIq56xB0og-OgpLwCJuL8tQa-dsroNzzABDQKY8NgBzJgG8Ho0dYhAnRY41qlSNPm54l521OhRfC3VkmiWcVJei1tNeT0nCMBxD_3Tq9aXPa02r_KD-KZP1L2FBGdbu9KLmheIMfhizDned5D8O2-WRoh9u7OcwjoPNsXv-oOfUP_2uYYQgU8j9ZE6uM1Dlo-G58VAvc0pMkADc4uaebW7ZW4ZgLVuQZZ9NvYmr7G5l7kgGHeEWe7wA_xblG30zF1ohSJcQ98_qZO3%26x-client-SKU%3DID_NET8_0%26x-client-ver%3D7.5.1.0 - 302 0 null 10288.7018ms
[22:53:04 INF] Request starting HTTP/2 GET https://localhost:44382/connect/authorize?client_id=PekkishPOS_BlazorServerTiered&redirect_uri=https%3A%2F%2Flocalhost%3A44370%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20PekkishPOS&response_mode=form_post&nonce=638625486411992936.Yzc2NWViY2EtOWNkOS00NWJhLTkwYWUtNzU3NDQ5MjBlZTViNzhhM2Y4N2MtNzE3MS00NjMxLTkwYTUtZDllNDhkYzcxMTdj&state=CfDJ8BAQRgbFZOhKvnVuRTbVeaRCJBwfd-tIq56xB0og-OgpLwCJuL8tQa-dsroNzzABDQKY8NgBzJgG8Ho0dYhAnRY41qlSNPm54l521OhRfC3VkmiWcVJei1tNeT0nCMBxD_3Tq9aXPa02r_KD-KZP1L2FBGdbu9KLmheIMfhizDned5D8O2-WRoh9u7OcwjoPNsXv-oOfUP_2uYYQgU8j9ZE6uM1Dlo-G58VAvc0pMkADc4uaebW7ZW4ZgLVuQZZ9NvYmr7G5l7kgGHeEWe7wA_xblG30zF1ohSJcQ98_qZO3&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 - null null
[2OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachHttpResponseCode`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
[22:53:58 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyAuthorizationResponseContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
[22:53:58 INF] The authorization response was successfully returned to 'https://localhost:44370/signin-oidc' using the form post response mode: {
"code": "[redacted]",
"id_token": "[redacted]",
"state": "CfDJ8BAQRgbFZOhKvnVuRTbVeaRCJBwfd-tIq56xB0og-OgpLwCJuL8tQa-dsroNzzABDQKY8NgBzJgG8Ho0dYhAnRY41qlSNPm54l521OhRfC3VkmiWcVJei1tNeT0nCMBxD_3Tq9aXPa02r_KD-KZP1L2FBGdbu9KLmheIMfhizDned5D8O2-WRoh9u7OcwjoPNsXv-oOfUP_2uYYQgU8j9ZE6uM1Dlo-G58VAvc0pMkADc4uaebW7ZW4ZgLVuQZZ9NvYmr7G5l7kgGHeEWe7wA_xblG30zF1ohSJcQ98_qZO3",
"iss": "https://localhost:44382/"
}.
`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
[22:54:00 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachCacheControlHeader`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
[22:54:00 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+AttachWwwAuthenticateHeader`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
[22:54:00 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was successfully processed by Volo.Abp.Account.Web.ExtensionGrants.LinkLoginExtensionGrantProcessJsonResponse.
[22:54:00 INF] The response was successfully returned as a JSON document: {
"error": "invalid_grant",
"error_description": "SessionExpired"
}.
[22:54:00 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was successfully processed by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ProcessJsonResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
[22:54:00 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext was marked as handled by OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlers+ProcessJsonResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ApplyTokenResponseContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
[22:54:00 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was successfully processed by OpenIddict.Server.OpenIddictServerHandlers+Exchange+ApplyTokenResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
[22:54:00 DBG] The event OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext was marked as handled by OpenIddict.Server.OpenIddictServerHandlers+Exchange+ApplyTokenResponse`1[[OpenIddict.Server.OpenIddictServerEvents+ProcessErrorContext, OpenIddict.Server, Version=5.5.0.0, Culture=neutral, PublicKeyToken=35a561290d20de2f]].
[22:54:00 INF] Request finished HTTP/1.1 POST https://localhost:44382/connect/token - 400 74 application/json;charset=UTF-8 1465.9255ms
[22:54:00 WRN] The operation was canceled.
System.OperationCanceledException: The operation was canceled.
at System.Threading.CancellationToken.ThrowOperationCanceledException()
at System.Threading.CancellationToken.ThrowIfCancellationRequested()
at Volo.Abp.Caching.StackExchangeRedis.AbpRedisCache.SetManyAsync(IEnumerable`1 items, DistributedCacheEntryOptions options, CancellationToken token)
at Volo.Abp.Caching.DistributedCache`2.<>c__DisplayClass54_0.<<SetManyAsync>g__SetRealCache|0>d.MoveNext()
[22:54:00 INF] Request finished HTTP/2 GET https://localhost:44382/connect/authorize?client_id=PekkishPOS_BlazorServerTiered&redirect_uri=https%3A%2F%2Flocalhost%3A44370%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20roles%20email%20phone%20PekkishPOS&response_mode=form_post&nonce=638625486411992936.Yzc2NWViY2EtOWNkOS00NWJhLTkwYWUtNzU3NDQ5MjBlZTViNzhhM2Y4N2MtNzE3MS00NjMxLTkwYTUtZDllNDhkYzcxMTdj&state=CfDJ8BAQRgbFZOhKvnVuRTbVeaRCJBwfd-tIq56xB0og-OgpLwCJuL8tQa-dsroNzzABDQKY8NgBzJgG8Ho0dYhAnRY41qlSNPm54l521OhRfC3VkmiWcVJei1tNeT0nCMBxD_3Tq9aXPa02r_KD-KZP1L2FBGdbu9KLmheIMfhizDned5D8O2-WRoh9u7OcwjoPNsXv-oOfUP_2uYYQgU8j9ZE6uM1Dlo-G58VAvc0pMkADc4uaebW7ZW4ZgLVuQZZ9NvYmr7G5l7kgGHeEWe7wA_xblG30zF1ohSJcQ98_qZO3&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 - 200 null text/html;charset=UTF-8 56699.6435ms
[22:56:39 INF] Application is shutting down...
[22:56:39 DBG] Stopped background worker: Volo.Abp.Identity.Session.IdentitySessionCleanupBackgroundWorker
[22:56:39 DBG] Stopped background worker: Volo.Abp.OpenIddict.Tokens.TokenCleanupBackgroundWorker
17 Answer(s)
-
0
Hi
Thank you for your response. I do see the following in the AuthServer logs:
2024-09-23 10:21:46.065 +02:00 [DBG] Get SessionId(878aac30-416e-48db-a4de-c425a6ef793f) from IdentitySessionManager.
2024-09-23 10:21:47.448 +02:00 [WRN] Could not find SessionId(878aac30-416e-48db-a4de-c425a6ef793f) in the database.
However, if I look in the AbpSessions table in the database, I do find a record for the session Id in question (878aac30-416e-48db-a4de-c425a6ef793f).
I hope this helps in resolving the issue.
-
0
Hi,
You can override the `IdentitySessionManager` to debug it step by step.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using JetBrains.Annotations;
using Volo.Abp.Caching;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Identity; // namespace of the session types is assumed; adjust to your ABP version
using Volo.Abp.Settings;
using Volo.Abp.Users;

// Replaces the registered IdentitySessionManager so breakpoints can be set on the session lookup.
[Dependency(ReplaceServices = true)]
[ExposeServices(typeof(IdentitySessionManager))]
public class MyIdentitySessionManager : IdentitySessionManager
{
    public MyIdentitySessionManager(
        IIdentitySessionRepository identitySessionRepository,
        ICurrentUser currentUser,
        IDistributedCache<IdentitySessionCacheItem> cache,
        ISettingProvider settingProvider,
        IdentityDynamicClaimsPrincipalContributorCache identityDynamicClaimsPrincipalContributorCache)
        : base(identitySessionRepository, currentUser, cache, settingProvider, identityDynamicClaimsPrincipalContributorCache)
    {
    }

    // Lookup by primary key: read from the repository, then merge cached activity.
    public override async Task<IdentitySession> FindAsync(Guid id)
    {
        return await UpdateSessionFromCacheAsync(await IdentitySessionRepository.FindAsync(id));
    }

    // Lookup by session id string: read from the repository, then merge cached activity.
    public override async Task<IdentitySession> FindAsync(string sessionId)
    {
        return await UpdateSessionFromCacheAsync(await IdentitySessionRepository.FindAsync(sessionId));
    }

    protected override async Task<IdentitySession> UpdateSessionFromCacheAsync([CanBeNull] IdentitySession session)
    {
        // The repository returned nothing: the session was not found.
        if (session == null)
        {
            return null;
        }

        var sessionCacheItem = await Cache.GetAsync(session.SessionId);
        if (sessionCacheItem != null && await UpdateSessionFromCacheAsync(session, sessionCacheItem))
        {
            await IdentitySessionRepository.UpdateAsync(session);
        }

        return session;
    }

    // Copies newer last-access time and IP address from the cache item; returns true if the entity changed.
    protected override Task<bool> UpdateSessionFromCacheAsync(IdentitySession session, IdentitySessionCacheItem sessionCacheItem)
    {
        if (session == null)
        {
            return Task.FromResult(false);
        }

        if (sessionCacheItem == null)
        {
            return Task.FromResult(false);
        }

        var changed = false;
        if (sessionCacheItem.CacheLastAccessed != null &&
            (session.LastAccessed == null || sessionCacheItem.CacheLastAccessed > session.LastAccessed))
        {
            session.UpdateLastAccessedTime(sessionCacheItem.CacheLastAccessed);
            changed = true;
        }

        if (!sessionCacheItem.IpAddress.IsNullOrWhiteSpace())
        {
            // Move the cached IP address to the end of the list.
            var ipAddresses = session.GetIpAddresses().ToList();
            ipAddresses.RemoveAll(x => x == sessionCacheItem.IpAddress);
            ipAddresses.Add(sessionCacheItem.IpAddress);
            session.SetIpAddresses(ipAddresses);
            changed = true;
        }

        return Task.FromResult(changed);
    }
}
```
-
0
Update:
I ran it again and saw this issue, which, if you continue, the code continues to run.
The override class is invoked 3 times in the process, and the 3rd time is the following:
When the page changes to https://localhost:44370/signin-oidc, it runs the override class again, and the function protected override async Task<IdentitySession> UpdateSessionFromCacheAsync([CanBeNull] IdentitySession session) received a null value for session, which causes the underlying issue.
-
0
Hi there.
Just following up to see if you have any updates on the issue?
-
0
Could you please share a minimal reproducible project with me? I will check it.
shiwei.liang@volosoft.com
-
0
Hi, thank you. Can we do a quick Google Meet perhaps? My email address is faldielb@gmail.com
-
0
Hi, just an update from my side. I did some more debugging.
The above code cannot find the session in question ("3cb289a7-6c89-410f-bce1-884ea1641a49").
But in the new AbpSessions table (created by v8.3.0) there is a record for that session in the table:
I would like to sort this out today as I go on a 2-week holiday tomorrow.
-
0
Hi, just another update.
Even though the homepage loads, none of the menu options are now available as they were before the upgrade to v8.3.0.
I am logged in as admin and even the tenant admin menu options are not loading.
-
0
Hi,
Hi, thank you. Can we do a quick Google Meet perhaps? My email address is faldielb@gmail.com
okay