Tenant-Id and Tenant-Name Not Set in Header After Dashboard Redirect (SSO OIDC) #8132

110 Answer(s)

• 

  0

  maliming created 22 days ago

  Support Team Fullstack Developer

  hi

  It's mandatory to unable this OAuth Login feature ?

  This is an independent login function, you can enable or disable it, the default is disabled. If enabled you need to provide relevant configuration.

  

  ---

  You mean to say this is only required for MVC application ?

  It's an external/social login in MVC. You can use it if you use code flow in angular. But you are not using code flow now.

  ---

  I don't understand your current login process at all. Remote meetings won't help. You can try sharing a project that reproduces the problem. That way I can check the problem locally.

  Thanks.

  Save Cancel
• 

  0

  Repunjay_TASC created 21 days ago

  hi

  It's mandatory to unable this OAuth Login feature ?

  This is an independent login function, you can enable or disable it, the default is disabled. If enabled you need to provide relevant configuration.

  

  Okay, my question is: I haven't been able to enable this feature, which is why we are facing this issue ?

  ---

  You mean to say this is only required for MVC application ?

  It's an external/social login in MVC. You can use it if you use code flow in angular. But you are not using code flow now.

  As per your suggestion i have made code flow from angular as well as .

  So many confusion which process need to follow.

  1. I have microservices side api as well which authenticate with IDP.

  AuthenticationScheme i have added please find below screen shot. Controller api also connect with IDP

  above code communicate with IDP get token get user info and inserted in DB as well only after redirect to dashboard facing issue .

  we already discuss this scenario earlier

  ---

  I don't understand your current login process at all. Remote meetings won't help.

  **We have a requirement where, when a client clicks on our application logo (which is already configured within their application), they should be redirected directly to the IdP's login page instead of the ABP.IO login page. After authentication with the IdP. After that we get user information from IDP insert into our DB and update roles and then user should be redirected to our dashboard. **

  2. As per your suggestion i have added angular side code as well which authenticate with IDP.

  This is code changes i have made in angular side. i] When client click login link first load home module and ngOnInit method base on condition we call IDP login API IDP Login api with connect with Third-party IDP Server(it's working as expected) ii] We have another component we handle callback url(redirect url from IDP) after that read below parameter. Also i have mention That before executing the first two [i, ii] steps, the api/abp/application-configuration endpoint is called automatically, and the access token is not passed.

  Still you are saying not using code flow now.

  We have experienced significant communication gaps, and I don't believe this approach will help us resolve our issue.

  You can try sharing a project that reproduces the problem. That way I can check the problem locally.

  Thanks.

  Due to policy restrictions, it's not possible to share my current project. Additionally, this problem cannot be reproduced in the ABP separate template because we have made many modifications to our existing project. I should also mention that we are using an older ABP template in our current project, although the version has been updated.

  Save Cancel
• 

  0

  maliming created 21 days ago

  Support Team Fullstack Developer

  ok.

  If I understand correctly, your angular has got an access_token

  http://localhost:4200/oidcredirect#access_token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiw
  

  1. You can try using this access token to call your website's API to verify that it is correct. For example:

  GET /api/account/my-profile 
      Authorization: Bearer <your token>
  

  4. if the access token is no problem. I will ask our angular team to use it in /api/abp/application-configuration request headers

  Save Cancel
• 

  0

  Repunjay_TASC created 21 days ago

  ok i will try and update you.

  Save Cancel
• 

  0

  maliming created 21 days ago

  Support Team Fullstack Developer

  : )

  Save Cancel
• 

  0

  Repunjay_TASC created 21 days ago

  ok.

  If I understand correctly, your angular has got an access_token

  http://localhost:4200/oidcredirect#access_token=eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIiw 
  

  1. You can try using this access token to call your website's API to verify that it is correct.For example:

  GET /api/account/my-profile  
      Authorization: Bearer <your token> 
  

  The /api/account/my-profile API is used to retrieve the current user's profile information. However, the user must be present in the database for this API to return valid data.

  Currently, I authenticate users through a third-party IDP and obtain a token from them. I need to retrieve user information from the IDP, which includes the ProviderKey (User ID). After obtaining this ProviderKey, I pass it to the GetUserDetailsInfo API to fetch the authenticated user's information, which I then insert into the database.

  

  Once the user information is successfully inserted into the database, I should be able to call the /api/account/my-profile endpoint to retrieve the user's profile.

  Previously, we used the method await _signInManager.GetExternalLoginInfoAsync(); to get the ProviderKey (User ID), which we then used to call the GetUserDetailsInfo API and store the user information in the database.

  However, with the change in our code approach, I am currently unable to find out how to retrieve the ProviderKey in Angular.

  Save Cancel
• 

  0

  maliming created 21 days ago

  Support Team Fullstack Developer

  The ProviderKey should be returned by IDP.

  Maybe you can get it from access_token.

  You can check the claims in token. decode the token in https://jwt.io/

  

  Save Cancel
• 

  0

  Repunjay_TASC created 21 days ago

  Ok let me check

  Save Cancel
• 

  0

  maliming created 21 days ago

  Support Team Fullstack Developer

  ok,a nd you can share a token by email. liming.ma@volosoft.com

  I can check it as well.

  Save Cancel
• 

  0

  Repunjay_TASC created 15 days ago

  token

  I have shared over email pls check

  Save Cancel
• 

  0

  Repunjay_TASC created 15 days ago

  I have cross validate; Inside token we received Client ID not User ID

  For your information pls find attached screen shot.

  Save Cancel
• 

  0

  maliming created 15 days ago

  Support Team Fullstack Developer

  grant_type=client_credentials => The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user.

  You are using the client_credentials, there is no user concept in this grant type.

  

  Save Cancel
• 

  0

  Repunjay_TASC created 14 days ago

  Can i use this grant type grant_type=authorization_code ?

  Save Cancel
• 

  0

  maliming created 14 days ago

  Support Team Fullstack Developer

  hi

  I'm not sure. This is your auth0 server. But I think you can use the code or password flow with auth0.

  Please refer to its document.

  Save Cancel
• 

  0

  Repunjay_TASC created 14 days ago

  I am using below header parameter to get token

  Save Cancel
• 

  0

  maliming created 14 days ago

  Support Team Fullstack Developer

  I'm not sure. You can send the request and check the response.

  Save Cancel
• 

  0

  Repunjay_TASC created 11 days ago

  1. You can try using this access token to call your website's API to verify that it is correct.For example:

  GET /api/account/my-profile   
      Authorization: Bearer <your token>  
  

  The /api/account/my-profile API is used to retrieve the current user's profile information. However, the user must be present in the database for this API to return valid data.

  I am now able to retrieve the user ID and, based on that, fetch user details from the Identity Provider (IDP) and successfully insert them into the database.

  However, after calling the /api/account/my-profile API, I am encountering an internal server error. I have shared the request and response details over email. Could you please cross-check whether all the headers in the request are correct? Meanwhile, I will continue investigating the issue internally.

  Save Cancel
• 

  0

  maliming created 10 days ago

  Support Team Fullstack Developer

  hi

  I am encountering an internal server error.

  Can you share the error logs of the 500?

  ---

  The access_token you passed to API is not gotten from ABP. I think API doesn't recognize it.

  Save Cancel
• 

  0

  Repunjay_TASC created 10 days ago

  hi

  I am encountering an internal server error.

  Can you share the error logs of the 500?

  ---

  The access_token you passed to API is not gotten from ABP. I think API doesn't recognize it.

  I received a token from a third-party IDP that one i pass, let me get token from ABP and pass inside this request.

  Can you help how to get token from ABP in angular

  Save Cancel
• 

  0

  maliming created 10 days ago

  Support Team Fullstack Developer

  Please share the error logs of the 500

  Save Cancel
• 

  0

  Repunjay_TASC created 10 days ago

  shared logs over email please check

  Save Cancel
• 

  0

  maliming created 10 days ago

  Support Team Fullstack Developer

  hi

  after calling the /api/account/my-profile API, I am encountering an internal server error.

  Please call the API a few more times and share the log. Your log seems incomplete.

  Thanks.

  You can set log level to Debug

  public class Program
  {
      public async static Task<int> Main(string[] args)
      {
          Log.Logger = new LoggerConfiguration()
              .MinimumLevel.Debug()
              .MinimumLevel.Override("Microsoft.EntityFrameworkCore", LogEventLevel.Warning)
              .Enrich.FromLogContext()
              .WriteTo.Async(c => c.File("Logs/logs.txt"))
              .WriteTo.Async(c => c.Console())
              .CreateLogger();
  

  Save Cancel
• 

  0

  Repunjay_TASC created 10 days ago

  Hi ,

  shared latest log information pls check and let me know.

  Save Cancel
• 

  0

  maliming created 10 days ago

  Support Team Fullstack Developer

  hi

  Are you using the gateway?

  Please check the service logs.

  500 error logs seem to be on other websites.

  [14:10:09 INF] [] Request starting "HTTP/2" "GET" "https"://"localhost:44359""""/api/account/my-profile""" - null null
  [14:10:09 INF] [] CORS policy execution successful.
  [14:10:09 INF] [] Handling request: /api/account/my-profile
  [14:10:09 INF] [] Handling request logProject: product
  [14:10:09 INF] [] Handling request logProjectGroupName: /ecs/product-dev-gateway
  [14:10:09 INF] [] Handling request logProject change tenant: product
  [14:10:09 INF] [Product] Executing endpoint '"Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.Pro.Public.HttpApi)"'
  [14:10:09 INF] [Product] Route matched with "{area = \"account\", controller = \"Profile\", action = \"Get\", page = \"\"}". Executing controller action with signature "System.Threading.Tasks.Task`1[Volo.Abp.Account.ProfileDto] GetAsync()" on controller "Volo.Abp.Account.ProfileController" ("Volo.Abp.Account.Pro.Public.HttpApi").
  [14:10:09 INF] [Product] Executed action "Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.Pro.Public.HttpApi)" in 13.5452ms
  [14:10:09 INF] [Product] Executed endpoint '"Volo.Abp.Account.ProfileController.GetAsync (Volo.Abp.Account.Pro.Public.HttpApi)"'
  [14:10:09 INF] [] Finished handling request.
  [14:10:09 INF] [] Request finished "HTTP/2" "GET" "https"://"localhost:44359""""/api/account/my-profile""" - 500 null "application/json" 195.4187ms
  

  Save Cancel
• 

  0

  Repunjay_TASC created 10 days ago

  Yes i am calling gateway api .

  this is base method right ?

  below API i have call from angular and token pass which is coming from 3rd party IDP.

  Which token need to pass this api ? ABP or 3rd party IDP. ?

  Save Cancel