Hi
I have created two projects, Projecta and Projectb.
Now my Project B can access Projectb's API with a Project A access token.
Project A configuration changes: DbMigrator appsettings.json (please run the migrator after this).
In Project A, OpenIddictDataSeedContributor.cs:
var commonScopesProjectb = new List<string> {
    OpenIddictConstants.Permissions.Scopes.Address,
    OpenIddictConstants.Permissions.Scopes.Email,
    OpenIddictConstants.Permissions.Scopes.Phone,
    OpenIddictConstants.Permissions.Scopes.Profile,
    OpenIddictConstants.Permissions.Scopes.Roles,
    "Projectb"
};

// Blazor Server Project B Tiered Client
var blazorServerProjectBTieredClientId = configurationSection["Projectb_BlazorServerTiered:ClientId"];
if (!blazorServerProjectBTieredClientId.IsNullOrWhiteSpace())
{
    var blazorServerTieredRootUrl = configurationSection["Projectb_BlazorServerTiered:RootUrl"].EnsureEndsWith('/');
    await CreateApplicationAsync(
        name: blazorServerProjectBTieredClientId!,
        type: OpenIddictConstants.ClientTypes.Confidential,
        consentType: OpenIddictConstants.ConsentTypes.Implicit,
        displayName: "Blazor Server Application",
        secret: configurationSection["Projectb_BlazorServerTiered:ClientSecret"] ?? "1q2w3e*",
        grantTypes: new List<string> // Hybrid flow
        {
            OpenIddictConstants.GrantTypes.AuthorizationCode, OpenIddictConstants.GrantTypes.Implicit
        },
        scopes: commonScopesProjectb,
        redirectUri: $"{blazorServerTieredRootUrl}signin-oidc",
        postLogoutRedirectUri: $"{blazorServerTieredRootUrl}signout-callback-oidc",
        clientUri: blazorServerTieredRootUrl,
        logoUri: "/images/clients/blazor.svg"
    );
}

// Swagger ProjectB Client
var swaggerProjectBClientId = configurationSection["Projectb_Swagger:ClientId"];
if (!swaggerProjectBClientId.IsNullOrWhiteSpace())
{
    var swaggerRootUrl = configurationSection["Projectb_Swagger:RootUrl"]?.TrimEnd('/');
    await CreateApplicationAsync(
        name: swaggerProjectBClientId!,
        type: OpenIddictConstants.ClientTypes.Public,
        consentType: OpenIddictConstants.ConsentTypes.Implicit,
        displayName: "Swagger Application",
        secret: null,
        grantTypes: new List<string> { OpenIddictConstants.GrantTypes.AuthorizationCode },
        scopes: commonScopesProjectb,
        redirectUri: $"{swaggerRootUrl}/swagger/oauth2-redirect.html",
        clientUri: swaggerRootUrl,
        logoUri: "/images/clients/swagger.svg"
    );
}
Please run the DbMigrator after these changes and confirm the following in the DB.
In the database, please check if you have these scopes.
Project B configuration: I hope the authority in appsettings.json of Project B is the Project A Auth Server URL everywhere.
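As an added example (not code from the post above), the two pieces the seed snippet relies on but does not show: the "Projectb" API scope registration on Project A's AuthServer, and the matching audience check in Project B's API host so that a Project A token without that audience is rejected. Names follow the ABP template (`_scopeManager`, `AuthServer:Authority`, `ProjectbHttpApiHostModule`) and are assumptions.

```csharp
// Added example; not part of the original thread. Class names and config keys
// are the ABP template defaults and are assumed, not taken from the post.
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using OpenIddict.Abstractions;
using Volo.Abp.Modularity;

// --- Project A (AuthServer): OpenIddictDataSeedContributor.cs ---
// _scopeManager is the IOpenIddictScopeManager the template already injects.
// This creates the row in OpenIddictScopes that "Projectb" in
// commonScopesProjectb refers to; without it the scope request fails.
private async Task CreateProjectbScopeAsync()
{
    if (await _scopeManager.FindByNameAsync("Projectb") == null)
    {
        await _scopeManager.CreateAsync(new OpenIddictScopeDescriptor
        {
            Name = "Projectb",
            DisplayName = "Projectb API",
            // The resource name becomes the "aud" claim of issued access tokens.
            Resources = { "Projectb" }
        });
    }
}

// --- Project B (HttpApi.Host): ProjectbHttpApiHostModule.cs ---
// Authority is Project A's AuthServer URL (AuthServer:Authority in Project B's
// appsettings.json). Audience makes Project B reject tokens from that same
// issuer that were not issued for the "Projectb" resource.
private void ConfigureAuthentication(ServiceConfigurationContext context, IConfiguration configuration)
{
    context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Authority = configuration["AuthServer:Authority"];
            options.RequireHttpsMetadata = Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]);
            options.Audience = "Projectb";
        });
}
```

After running the DbMigrator, the OpenIddictScopes table should contain a "Projectb" row and the Project B clients' Permissions column should list "scp:Projectb".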
Hi
We have sent you a request.
Hello omarlakem@gmail.com,
I am trying to reproduce the issue for the login page. With version 7.2.2 it looks like this
and for version 7.3 it looks like this
If you want the login page in the center, it will be better if you upgrade to 7.3.
Please refer to this migration guide to upgrade from 7.2.2 to 7.3: https://docs.abp.io/en/abp/latest/Migration-Guides/Abp-7_3
And for deploying, you can create 3 packages (Blazor, Auth Server, Backend) and deploy 3 different applications into IIS.
Thank You, Anjali
Hi
I guess OAuth 2.0 tables means clients, right? You can have multiple clients; make sure that Project A has that Project B client registered.
Is this something I can reproduce by creating two Blazor Server applications? Can you please provide steps to reproduce your scenario? I will try at my end.
Hi,
Is Project B a deployed app and Project A running locally? If you are not using the Project B AuthServer, you shouldn't have two different tokens.
Hi
Can you try adding a file with the code below in the module where you have configured OpenIdConnect? I was able to get the token. https://learn.microsoft.com/en-us/aspnet/core/security/authentication/claims?view=aspnetcore-7.0#extend-or-add-custom-claims-using-iclaimstransformation
using Microsoft.AspNetCore.Authentication;
using System;
using System.Security.Claims;
using System.Security.Principal;
using System.Threading.Tasks;
using Volo.Abp.DependencyInjection;

namespace Acme.BookStore.Web
{
    // Runs after authentication on each request. If the principal has no
    // NameIdentifier claim, copies the value of the objectidentifier claim into one.
    public class MyClaimsTransformation : IClaimsTransformation, ITransientDependency
    {
        public Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
        {
            ClaimsIdentity claimsIdentity = new ClaimsIdentity();
            if (!principal.HasClaim(claim => claim.Type == ClaimTypes.NameIdentifier))
            {
                var value = principal.FindFirst(claim => claim.Type == "http://schemas.microsoft.com/identity/claims/objectidentifier")?.Value;
                if (!value.IsNullOrEmpty())
                {
                    claimsIdentity.AddClaim(new Claim(ClaimTypes.NameIdentifier, value));
                }
                else
                {
                    // No source claim to map from; return the principal unchanged.
                    return Task.FromResult(principal);
                }
            }
            // ABP extension: adds the identity only if an equivalent one is not already present.
            principal.AddIdentityIfNotContains(claimsIdentity);
            return Task.FromResult(principal);
        }
    }
}
Hi
Is it possible for you to share the access token that is being used, or the decoded details from jwt.io?
Hi
You can resolve aut.domain1.com in the AuthServer project; please see the similar implementation and documentation: https://docs.abp.io/en/abp/latest/Multi-Tenancy#domain-subdomain-tenant-resolver https://github.com/abpframework/abp-samples/tree/master/DomainTenantResolver