Hurry Up, Ends March 14!
GET YOUR DEAL
Open Closed

Dynamically managed scopes #8938

User avatar
0
r.abouzid created

  • Template: microservice

  • Created ABP Studio Version: 0.9.5

  • Current ABP Studio Version: 0.9.21

  • UI Framework: angular

  • Theme: leptonx

  • Theme Style: system

  • Database Provider: ef

  • Database Management System: sqlserver

  • Mobile Framework: maui

  • Public Website: Yes

We have defined the required scopes in the backoffice screen for our application (see the picture below). However, when making an HTTP request to obtain a token using the password grant type, we need to manually specify the scopes in the scope parameter of the token request. Since the scopes are already configured in the backoffice, shouldn’t they be dynamically included in the token request without requiring us to hardcode them in the code? Could you clarify how the scopes defined in the backoffice are intended to be used and whether there is a way to automatically include them in the token request?

image 1.png

public async Task GetTokenAsync(UserLoginInfoDto userLoginInfoDto)
        {
            var _client = _httpClientFactory.CreateClient();
            string tokenUrl = $"{_authServerUrl}/connect/token";
            FormUrlEncodedContent tokenRequest = new FormUrlEncodedContent(new[]
            {
                new KeyValuePair("grant_type","password"),
                new KeyValuePair("client_id", _configuration["AccountClient:ClientId"]),
                new KeyValuePair("client_secret", _configuration["AccountClient:ClientSecret"]),
                new KeyValuePair("username", userLoginInfoDto.UserName),
                new KeyValuePair("password", userLoginInfoDto.Password),
                new KeyValuePair("scope", " ...SCOPES.... ")     //Scopes Added Here
            });
 
            HttpResponseMessage response = await _client.PostAsync(tokenUrl, tokenRequest);
            response.EnsureSuccessStatusCode();
            var responseContent = await response.Content.ReadAsStringAsync();
            return !string.IsNullOrWhiteSpace(responseContent) ? JsonConvert.DeserializeObject(responseContent) : throw new Exception(L["EmptyResponse"]);
        }
Go to accepted answer
3 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can dynamic pass the scope parameter dynamically, but you can only pass the scope that defined in backend.

  • User Avatar
    0
    r.abouzid created

    Hi,

    Could you please provide more explanation or add more details? Your response is too abstract.
    The problem is still persisting, and we need a solution.

    Regards

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    The scope here can be dynamic.

    new KeyValuePair("scope", " ...SCOPES.... ") //Scopes Added Here

    But the scope value must be defined in your ClientId .

    eg: myclient has AbpAPI profile roles email phone offline_access scope.

    You can only pass the scope of AbpAPI profile roles email phone offline_access

    Thanks.

Assignee
User avatar maliming
Labels
None yet
Learn More, Pay Less
33% OFF
All Trainings!
Get Your Deal
Mastering ABP Framework Book
Do you need assistance from an ABP expert?
Schedule a Meeting
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v9.2.0-preview. Updated on March 13, 2025, 04:08