Open Closed

9.0.4 -> 9.2.3 upgrade #9707

User avatar
1
sghorakavi@cpat.com created
  • Steps to reproduce the issueTenant subdomain logout is not working. Tenant stays logged in always:
Go to accepted answer
116 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Still 400 error Please clear the cache and resend the logs.

    Thanks.

  • User Avatar
    0
    sghorakavi@cpat.com created

    Yes, Will clear and send you update.

  • User Avatar
    0
    sghorakavi@cpat.com created

    Pls check now, no 400 error but not working to logout

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Your endsession request was sent to https://auth.approach.cpat.dev/connect/endsession instead of https://cpattest.auth.approach.cpat.dev/connect/endsession

    Try to change IssuerAddress:

    .AddAbpOpenIdConnect("oidc", options =>
{
    options.Authority = configuration["AuthServer:Authority"];
    options.RequireHttpsMetadata = configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata");
    //...

    options.Events.OnRedirectToIdentityProviderForSignOut = redirectContext =>
    {
        //Check current tenant here, and set the IssuerAddress accordingly
        var currentTenant = redirectContext.HttpContext.RequestServices.GetRequiredService<ICurrentTenant>();
        
        redirectContext.ProtocolMessage.IssuerAddress = "https://cpattest.auth.approach.cpat.dev";
        return System.Threading.Tasks.Task.CompletedTask;
    };
});
    1
  • User Avatar
    0
    sghorakavi@cpat.com created

    [sghorakavi@cpat.com] said: Yes, Will clear and send you update.

    Cache is cleared. Checking above code.

  • User Avatar
    0
    sghorakavi@cpat.com created

    [maliming] said: OnRedirectToIdentityProviderForSignOut

    Current code : We have code to handle tenant based on tenant name and wildcard information `options.Events.OnRedirectToIdentityProviderForSignOut = ctx => { ctx.ProtocolMessage.PostLogoutRedirectUri = ctx.ProtocolMessage.PostLogoutRedirectUri.Replace("http://", "https://"); // Intercept the redirection for signout so the browser navigates to the right URL in your host ctx.ProtocolMessage.IssuerAddress = "https://" + configuration["WildcardDomains:AuthServer"]! + "/connect/logout";

    var currentTenant = ctx.HttpContext.RequestServices.GetRequiredService&lt;ICurrentTenant&gt;();
 var tenantDomain = "https://" + configuration["WildcardDomains:Web"];
 if (currentTenant.IsAvailable && !string.IsNullOrEmpty(tenantDomain))
 {
     ctx.ProtocolMessage.IssuerAddress = ctx.ProtocolMessage.IssuerAddress.Replace("{0}", $"{currentTenant.Name}");
 }
 else
 {
     ctx.ProtocolMessage.IssuerAddress = ctx.ProtocolMessage.IssuerAddress.Replace("{0}.", string.Empty);
 }
 
 return Task.CompletedTask;

    };`

  • User Avatar
    0
    sghorakavi@cpat.com created

    [maliming] said: redirectContext.ProtocolMessage.IssuerAddress = "https://cpattest.auth.approach.cpat.dev";

    I think, we have issue in ctx.ProtocolMessage.PostLogoutRedirectUri = "https://myapp.com/";

    Let me remove "/connect/logout"; and retry

  • User Avatar
    0
    sghorakavi@cpat.com created

    [sghorakavi@cpat.com] said:

    [maliming] said: redirectContext.ProtocolMessage.IssuerAddress = "https://cpattest.auth.approach.cpat.dev";

    I think, we have issue in
    ctx.ProtocolMessage.PostLogoutRedirectUri = "https://myapp.com/";

    Let me remove "/connect/logout"; and retry

    Added connect/endsession and it seems to be working locally. I need to test on deployed code.

    Question: We updated DB to include http and tenant. Is there any call to API to update [OpenIddictApplications] table ?

  • User Avatar
    0
    sghorakavi@cpat.com created

    [sghorakavi@cpat.com] said: "https://cpattest.auth.approach.cpat.dev";

    "https://cpattest.auth.approach.cpat.dev" is working because I updated [OpenIddictApplications] table, [OpenIddictApplications] column with http and https values and https value in [RedirectUris] manually. How can I update DB table with the code ?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Is there any call to API to update [OpenIddictApplications] table ?

    You can update it in OpenIddict -> Applications page.

    /OpenIddict/Applications

  • User Avatar
    0
    sghorakavi@cpat.com created

    Thank you for UI change suggestion. I still think, we should change DB in the background. Any suggestions ?

    Also, you can see the issue : https://abp.io/support/questions/9700/ExternalProviderSettingsHelper-after-upgrade-to-923-from-904-not-working

    It is still not working. Can you unlock that tkt as well.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Hi

    You can inject AbpApplicationManager to update application/client entity.

    https://abp.io/docs/latest/modules/openiddict#database-providers

  • User Avatar
    0
    sghorakavi@cpat.com created

    [maliming] said: AbpApplicationManager

    Thank you, I will try this.

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Ok

  • User Avatar
    0
    sghorakavi@cpat.com created

    Thank you for UI change suggestion. I still think, we should change DB in the background. Let me see if I should access DBContext and change the columns.

    Seems to be working with DB Change. Thank you

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Great : )

Assignee
User avatar maliming
Question details
Labels
None yet
Boost Your Development
ABP Live Training
Packages
See Trainings
Mastering ABP Framework Book
The Official Guide
Mastering
ABP Framework
Learn More
Mastering ABP Framework Book
Made with ❤️ on ABP v10.1.0-preview. Updated on October 07, 2025, 05:59