Starts in:
2 DAYS
15 HRS
21 MIN
11 SEC
Starts in:
2 D
15 H
21 M
11 S

Activities of "Dina"

Hi,

Here's the code snippet we're using

public class PhoneNumberLoginTokenExtensionGrant : ITokenExtensionGrant, ITransientDependency { public const string ExtensionGrantName = PhoneNumberLoginConsts.GrantType;

  public string Name => ExtensionGrantName;
  public virtual async Task<IActionResult> HandleAsync(ExtensionGrantContext context)
  {
      var identityOptions = context.HttpContext.RequestServices.GetRequiredService<IOptions<IdentityOptions>>();
      var identityUserManager = context.HttpContext.RequestServices.GetRequiredService<IdentityUserManager>();
      var signInManager = context.HttpContext.RequestServices.GetRequiredService<SignInManager<IdentityUser>>();
      var scopeManager = context.HttpContext.RequestServices.GetRequiredService<IOpenIddictScopeManager>();
      var abpOpenIddictClaimsPrincipalManager = context.HttpContext.RequestServices
          .GetRequiredService<AbpOpenIddictClaimsPrincipalManager>();
      var identitySecurityLogManager =
          context.HttpContext.RequestServices.GetRequiredService<IdentitySecurityLogManager>();
      //var localizer = context.HttpContext.RequestServices
      //    .GetRequiredService<IStringLocalizer<PhoneNumberLoginResource>>();
      var uniquePhoneNumberIdentityUserRepository = context.HttpContext.RequestServices
          .GetRequiredService<IRe3aytakIdentityUserRepository>();

      await identityOptions.SetAsync();

      var phoneNumber = context.Request.GetParameter("phone_number")?.ToString();
      var code = context.Request.GetParameter("code").ToString();
      var password = context.Request.GetParameter("password").ToString();

      if (string.IsNullOrWhiteSpace(phoneNumber))
      {
          return new ForbidResult(
              new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
              properties: new AuthenticationProperties(new Dictionary<string, string>
              {
                  [OpenIddictServerAspNetCoreConstants.Properties.Error] =
                      OpenIddictConstants.Errors.InvalidRequest,

                  [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
                     "localizer[PhoneNumberLoginErrorCodes.InvalidPhoneNumberOrPassword]"
              }!));
      }

      if (string.IsNullOrWhiteSpace(code) && string.IsNullOrEmpty(password))
      {
          return new ForbidResult(
              new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
              properties: new AuthenticationProperties(new Dictionary<string, string>
              {
                  [OpenIddictServerAspNetCoreConstants.Properties.Error] =
                      OpenIddictConstants.Errors.InvalidRequest,

                  [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
                      "localizer[PhoneNumberLoginErrorCodes.InvalidCredential]"
              }!));
      }

      //var identityUser =
      //    await uniquePhoneNumberIdentityUserRepository.GetByConfirmedPhoneNumberAsync(phoneNumber);


      var identityUser = await uniquePhoneNumberIdentityUserRepository.GetByConfirmedPhoneNumberAsync(phoneNumber);              

      if (password.IsNullOrWhiteSpace())
      {
          var result = await identityUserManager.VerifyUserTokenAsync(identityUser,
              TokenOptions.DefaultPhoneProvider, PhoneNumberLoginConsts.LoginPurposeName, code);

          if (!result)
          {
              return new ForbidResult(
                  new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
                  properties: new AuthenticationProperties(new Dictionary<string, string>
                  {
                      [OpenIddictServerAspNetCoreConstants.Properties.Error] =
                          OpenIddictConstants.Errors.InvalidGrant,

                      [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
                          "localizer[PhoneNumberLoginErrorCodes.InvalidVerificationCode]"
                  }!));
          }
      }
      else
      {
          bool result = await identityUserManager.CheckPasswordAsync(identityUser, password);

          if (!result)
          {
              return new ForbidResult(
                  new[] { OpenIddictServerAspNetCoreDefaults.AuthenticationScheme },
                  properties: new AuthenticationProperties(new Dictionary<string, string>
                  {
                      [OpenIddictServerAspNetCoreConstants.Properties.Error] =
                          OpenIddictConstants.Errors.InvalidGrant,

                      [OpenIddictServerAspNetCoreConstants.Properties.ErrorDescription] =
                          "localizer[PhoneNumberLoginErrorCodes.InvalidPhoneNumberOrPassword]"
                  }!));
          }
      }

      var principal = await signInManager.CreateUserPrincipalAsync(identityUser);

      principal.SetScopes(context.Request.GetScopes());
      principal.SetResources(await GetResourcesAsync(context.Request.GetScopes(), scopeManager));

      await abpOpenIddictClaimsPrincipalManager.HandleAsync(context.Request, principal);

      await identitySecurityLogManager.SaveAsync(
          new IdentitySecurityLogContext
          {
              Identity = OpenIddictSecurityLogIdentityConsts.OpenIddict,
              Action = OpenIddictSecurityLogActionConsts.LoginSucceeded,
              UserName = context.Request.Username,
              ClientId = context.Request.ClientId
          }
      );

      return new Microsoft.AspNetCore.Mvc.SignInResult(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme,
          principal);
  }

     protected virtual async Task<IEnumerable<string>> GetResourcesAsync(ImmutableArray<string> scopes,
      IOpenIddictScopeManager scopeManager)
  {
      var resources = new List<string>();
      if (!scopes.Any())
      {
          return resources;
      }

      await foreach (var resource in scopeManager.ListResourcesAsync(scopes))
      {
          resources.Add(resource);
      }

      return resources;
  }

}

And the Re3aytakDomainModule configurations

public override void ConfigureServices(ServiceConfigurationContext context) {
Configure<AbpOpenIddictExtensionGrantsOptions>(options => { options.Grants.Add(PhoneNumberLoginConsts.GrantType, new PhoneNumberLoginTokenExtensionGrant()); }); }

And here's the PhoneNumberLoginConsts

public static class PhoneNumberLoginConsts { public static int MaxVerificationCodeLength { get; set; } = 8;

   public const string GrantType = "PhoneNumberLogin_credentials";

   public const string IdentityServerHttpClientName = "EasyAbpAbpPhoneNumberLogin"; // default client

   public const string VerificationCodeCachePrefix = "PhoneNumberLoginVerificationCode";

   public const string LoginPurposeName = "LoginByPhoneNumber"; 

   public const string ConfirmPurposeName = "ConfirmPhoneNumber";

}

Sent, kindly check.

hi

The framework will add it to access_token automatically. That is, if you don't change the code, it will be there.

https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/AbpUserClaimsPrincipalFactory.cs#L61

also, i have overridden the AbpUserClaimsPrincipalFactory

using System; 
using System.Linq; 
using System.Security.Claims; 
using System.Threading.Tasks; 
using Microsoft.AspNetCore.Identity; 
using Microsoft.Extensions.Options; 
using System.Security.Principal; 
using Volo.Abp.DependencyInjection; 
using Volo.Abp.Security.Claims; 
using Volo.Abp.Uow; 
using MyApp.Users; 
using Volo.Abp.Identity; 
using IdentityUser = Volo.Abp.Identity.IdentityUser; 
using IdentityRole = Volo.Abp.Identity.IdentityRole; 
 
namespace MyApp.Identity 
{ 
    /// <summary> 
    /// </summary> 
    [Dependency(ReplaceServices = true)] 
    [ExposeServices(typeof(AbpUserClaimsPrincipalFactory), typeof(ExtendedUserClaimsPrincipalFactory), IncludeSelf = false, IncludeDefaults = false)] 
    public class ExtendedUserClaimsPrincipalFactory : AbpUserClaimsPrincipalFactory, ITransientDependency 
    { 
 
        public ExtendedUserClaimsPrincipalFactory( 
            UserManager<IdentityUser> userManager, 
            RoleManager<IdentityRole> roleManager, 
            IOptions<IdentityOptions> options, 
            ICurrentPrincipalAccessor currentPrincipalAccessor, 
            IAbpClaimsPrincipalFactory abpClaimsPrincipalFactory) 
            : base( 
                userManager, 
                roleManager, 
                options, 
                currentPrincipalAccessor, 
                abpClaimsPrincipalFactory) 
        {   } 
 
        [UnitOfWork] 
        public override async Task<ClaimsPrincipal> CreateAsync(IdentityUser user) 
        { 
            var principal = await base.CreateAsync(user); 
            var identity = principal.Identities.First(); 
 
            if (user.TenantId.HasValue) 
            { 
                identity.AddIfNotContains(new Claim(AbpClaimTypes.TenantId, user.TenantId.ToString())); 
            } 
 
            if (!user.Name.IsNullOrWhiteSpace()) 
            { 
                identity.AddIfNotContains(new Claim(AbpClaimTypes.Name, user.Name)); 
            } 
 
            if (!user.Surname.IsNullOrWhiteSpace()) 
            { 
                identity.AddIfNotContains(new Claim(AbpClaimTypes.SurName, user.Surname)); 
            } 
 
            if (!user.PhoneNumber.IsNullOrWhiteSpace()) 
            { 
                identity.AddIfNotContains(new Claim(AbpClaimTypes.PhoneNumber, user.PhoneNumber)); 
            } 
 
            identity.AddIfNotContains( 
                new Claim(AbpClaimTypes.PhoneNumberVerified, user.PhoneNumberConfirmed.ToString())); 
 
            if (!user.Email.IsNullOrWhiteSpace()) 
            { 
                identity.AddIfNotContains(new Claim(AbpClaimTypes.Email, user.Email)); 
            } 
 
            identity.AddIfNotContains(new Claim(AbpClaimTypes.EmailVerified, user.EmailConfirmed.ToString())); 
 
 
            if (user.ExtraProperties.ContainsKey(AppUserConsts.UserTypePropertyName)) 
            { 
                var userType = user.ExtraProperties[AppUserConsts.UserTypePropertyName]?.ToString(); 
                if (!string.IsNullOrEmpty(userType)) 
                    identity.AddIfNotContains(new Claim(AppUserConsts.UserTypePropertyName, userType)); 
            } 
            using (CurrentPrincipalAccessor.Change(identity)) 
            { 
                await AbpClaimsPrincipalFactory.CreateAsync(principal); 
            } 
            return principal; 
        } 
    } 
} 
 

and configured at the domain module

PreConfigure<IdentityBuilder>(builder => 
            { 
                builder.AddClaimsPrincipalFactory<ExtendedUserClaimsPrincipalFactory>(); 
            }); 

and the principal is filled correctly with claims values, but the phoneNumber at currentUser is still null and currentUser claims did not update with the values at the principal.

Please advise.

and what about this issue please? the claims are filled correctly at the principal but the currentUser still does not contain them.

hi

IDX10206: Unable to validate audience. The 'audiences' parameter is empty.

Please share a access_token

do you mean a generated access_token value or what?

any update please?

hi

The framework will add it to access_token automatically. That is, if you don't change the code, it will be there.

https://github.com/abpframework/abp/blob/dev/modules/identity/src/Volo.Abp.Identity.Domain/Volo/Abp/Identity/AbpUserClaimsPrincipalFactory.cs#L61

also, i have overridden the AbpUserClaimsPrincipalFactory

using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Identity;
using Microsoft.Extensions.Options;
using System.Security.Principal;
using Volo.Abp.DependencyInjection;
using Volo.Abp.Security.Claims;
using Volo.Abp.Uow;
using MyApp.Users;
using Volo.Abp.Identity;
using IdentityUser = Volo.Abp.Identity.IdentityUser;
using IdentityRole = Volo.Abp.Identity.IdentityRole;

namespace MyApp.Identity
{
    /// <summary>
    /// </summary>
    [Dependency(ReplaceServices = true)]
    [ExposeServices(typeof(AbpUserClaimsPrincipalFactory), typeof(ExtendedUserClaimsPrincipalFactory), IncludeSelf = false, IncludeDefaults = false)]
    public class ExtendedUserClaimsPrincipalFactory : AbpUserClaimsPrincipalFactory, ITransientDependency
    {

        public ExtendedUserClaimsPrincipalFactory(
            UserManager<IdentityUser> userManager,
            RoleManager<IdentityRole> roleManager,
            IOptions<IdentityOptions> options,
            ICurrentPrincipalAccessor currentPrincipalAccessor,
            IAbpClaimsPrincipalFactory abpClaimsPrincipalFactory)
            : base(
                userManager,
                roleManager,
                options,
                currentPrincipalAccessor,
                abpClaimsPrincipalFactory)
        {   }

        [UnitOfWork]
        public override async Task<ClaimsPrincipal> CreateAsync(IdentityUser user)
        {
            var principal = await base.CreateAsync(user);
            var identity = principal.Identities.First();

            if (user.TenantId.HasValue)
            {
                identity.AddIfNotContains(new Claim(AbpClaimTypes.TenantId, user.TenantId.ToString()));
            }

            if (!user.Name.IsNullOrWhiteSpace())
            {
                identity.AddIfNotContains(new Claim(AbpClaimTypes.Name, user.Name));
            }

            if (!user.Surname.IsNullOrWhiteSpace())
            {
                identity.AddIfNotContains(new Claim(AbpClaimTypes.SurName, user.Surname));
            }

            if (!user.PhoneNumber.IsNullOrWhiteSpace())
            {
                identity.AddIfNotContains(new Claim(AbpClaimTypes.PhoneNumber, user.PhoneNumber));
            }

            identity.AddIfNotContains(
                new Claim(AbpClaimTypes.PhoneNumberVerified, user.PhoneNumberConfirmed.ToString()));

            if (!user.Email.IsNullOrWhiteSpace())
            {
                identity.AddIfNotContains(new Claim(AbpClaimTypes.Email, user.Email));
            }

            identity.AddIfNotContains(new Claim(AbpClaimTypes.EmailVerified, user.EmailConfirmed.ToString()));


            if (user.ExtraProperties.ContainsKey(AppUserConsts.UserTypePropertyName))
            {
                var userType = user.ExtraProperties[AppUserConsts.UserTypePropertyName]?.ToString();
                if (!string.IsNullOrEmpty(userType))
                    identity.AddIfNotContains(new Claim(AppUserConsts.UserTypePropertyName, userType));
            }
            using (CurrentPrincipalAccessor.Change(identity))
            {
                await AbpClaimsPrincipalFactory.CreateAsync(principal);
            }
            return principal;
        }
    }
}

and configured at the domain module

PreConfigure<IdentityBuilder>(builder =>
            {
                builder.AddClaimsPrincipalFactory<ExtendedUserClaimsPrincipalFactory>();
            });

and the principal is filled correctly with claims values, but the phoneNumber at currentUser is still null and currentUser claims did not update with the values at the principal.

Please advise.

hi,

I have added the customTokenExtensionGrant and now the result is succeed

 var request = new TokenRequest
            {
                Address = _options.CurrentValue.Authority + _options.CurrentValue.TokenEndPoint,
                GrantType = MyApp.Identity.PhoneNumberLoginConsts.GrantType,
                ClientId = _options.CurrentValue.ClientId,
                ClientSecret = _options.CurrentValue.ClientSecret,
                Parameters =
                {
                    {"phone_number", phoneNumber},
                    {"code", code}
                }
            };
          
            var result = await httpClient.RequestTokenAsync(request);
            

but there is an old code (while using identity server) after the result is get

if (!result.IsError)
            {
                var TokenValidationParameters = new TokenValidationParameters()
                {
                    ValidateAudience = true,
                    ValidAudience = "Public",

                    ValidateIssuer = true,
                    ValidIssuers = new[] { _options.CurrentValue.Authority },

                    ValidateIssuerSigningKey = true,
                    IssuerSigningKeys = openidconfig.SigningKeys,

                    RequireExpirationTime = true,
                    ValidateLifetime = true,
                    RequireSignedTokens = true,
                };
                JwtSecurityTokenHandler jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
                var claimsPrinciples = jwtSecurityTokenHandler.ValidateToken(result.AccessToken, 
                                                                            TokenValidationParameters, 
                                                                            out SecurityToken validatedToken);



                var AuthenticationProperties = new AuthenticationProperties();
                if (_options.CurrentValue.SaveTokens)
                {
                    var authTokens = new List<AuthenticationToken>();

                    authTokens.Add(new AuthenticationToken { Name = "access_token", Value = result.AccessToken });
                    if (!string.IsNullOrEmpty(result.RefreshToken))
                    {
                        authTokens.Add(new AuthenticationToken { Name = "refresh_token", Value = result.RefreshToken });
                    }

                    if (!string.IsNullOrEmpty(result.TokenType))
                    {
                        authTokens.Add(new AuthenticationToken { Name = "token_type", Value = result.TokenType });
                    }

                    if (result.ExpiresIn != 0)
                    {
                        var expiresAt = DateTime.UtcNow + TimeSpan.FromSeconds(result.ExpiresIn);
                        authTokens.Add(new AuthenticationToken
                        {
                            Name = "expires_at",
                            Value = expiresAt.ToString("o", CultureInfo.InvariantCulture)
                        });
                        AuthenticationProperties.ExpiresUtc = expiresAt;
                    }
                    AuthenticationProperties.StoreTokens(authTokens);
                }

                // generate AuthenticationTicket from the Identity
                // and current authentication scheme
                var ticket = new AuthenticationTicket(claimsPrinciples,AuthenticationProperties, "Cookies");
                
                return AuthenticateResult.Success(ticket);

bur there is an error

IDX10206: Unable to validate audience. The 'audiences' parameter is empty.

so how can i fix, or what is the replacement for that code using openIdDict not identityServer?

Hello, would it be any sooner or will it be after awhile, so I need to fix it locally?

hi what is the release date of version 3 please?

Your current identity has no phone_number and phone_number_verified claims.

how to add them please?

Showing 1 to 10 of 62 entries
Made with ❤️ on ABP v9.1.0-preview. Updated on November 20, 2024, 13:06